From bddaccd0cdf7494294c2830c2a7d5720911a3c10 Mon Sep 17 00:00:00 2001 From: cicd Date: Fri, 6 Jun 2025 07:52:12 +0200 Subject: [PATCH] commit by to_remotes 2025-06-06 07:52:12 +0200 from cicd --- bundle-audit-time.txt | 2 +- bundle-audit.json | 2 +- report.txt | 11 +---------- update-info.txt | 9 +-------- 4 files changed, 4 insertions(+), 20 deletions(-) diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt index dc72def..d692d6c 100644 --- a/bundle-audit-time.txt +++ b/bundle-audit-time.txt @@ -1 +1 @@ -2025-06-06T07:34:16+02:00 +2025-06-06T07:52:12+02:00 diff --git a/bundle-audit.json b/bundle-audit.json index 11fbbb6..79ff826 100644 --- a/bundle-audit.json +++ b/bundle-audit.json @@ -1 +1 @@ -{"version":"0.9.2","created_at":"2025-06-06 07:34:16 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rack","version":"3.1.14"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rack/CVE-2025-49007.yml","id":"CVE-2025-49007","url":"https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw","title":"ReDoS Vulnerability in Rack::Multipart handle_mime_head","date":"2025-06-05","description":"### Summary\n\nThere is a denial of service vulnerability in the\nContent-Disposition parsing component of Rack. This is very\nsimilar to the previous security issue CVE-2022-44571.\n\n### Details\n\nCarefully crafted input can cause Content-Disposition header\nparsing in Rack to take an unexpected amount of time, possibly\nresulting in a denial of service attack vector. This header is\nused typically used in multipart parsing. Any applications that\nparse multipart posts using Rack (virtually all Rails applications)\nare impacted.\n\n### Credits\n\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting\nthis to the Rails security team\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-49007","osvdb":null,"ghsa":"47m2-26rw-j2jw","unaffected_versions":["< 3.1.0"],"patched_versions":[">= 3.1.16"],"criticality":null}}]} \ No newline at end of file +{"version":"0.9.2","created_at":"2025-06-06 07:52:11 +0200","results":[]} \ No newline at end of file diff --git a/report.txt b/report.txt index 4d2b6f5..8900c02 100644 --- a/report.txt +++ b/report.txt @@ -1,10 +1 @@ -Name: rack -Version: 3.1.14 -CVE: CVE-2025-49007 -GHSA: GHSA-47m2-26rw-j2jw -Criticality: Unknown -URL: https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw -Title: ReDoS Vulnerability in Rack::Multipart handle_mime_head -Solution: update to '>= 3.1.16' - -Vulnerabilities found! +No vulnerabilities found diff --git a/update-info.txt b/update-info.txt index a2bd3c4..5e9f481 100644 --- a/update-info.txt +++ b/update-info.txt @@ -1,12 +1,5 @@ Updating ruby-advisory-db ... -Updating 85f55ec..8b57546 -Fast-forward - gems/fluentd-ui/CVE-2020-21514.yml | 2 +- - gems/fluentd/CVE-2020-21514.yml | 18 ------------------ - gems/rack/CVE-2025-49007.yml | 39 ++++++++++++++++++++++++++++++++++++++ - 3 files changed, 40 insertions(+), 19 deletions(-) - delete mode 100644 gems/fluentd/CVE-2020-21514.yml - create mode 100644 gems/rack/CVE-2025-49007.yml +Already up to date. Updated ruby-advisory-db ruby-advisory-db: advisories: 987 advisories