commit by to_remotes 2024-08-14 07:26:33 +0200 from cicd

2024-08-14 07:26:33 +02:00 · 2024-08-14 07:26:33 +02:00 · da44ff0f1c
parent 25e34049ec
commit da44ff0f1c
4 changed files with 4 additions and 50 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2024-08-14T07:19:06+02:00
+2024-08-14T07:26:33+02:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-08-14 07:19:06 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml","id":"CVE-2024-41123","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There are some DoS vulnerabilities in REXML gem.\nThese vulnerabilities have been assigned the CVE identifier\nCVE-2024-41123. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML document that has many specific characters such\nas whitespace character, >] and ]>, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer and scyoon for discovering these issues.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41123","osvdb":null,"ghsa":"r55c-59qm-vjw6","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}},{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41946.yml","id":"CVE-2024-41946","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There is a DoS vulnerability in REXML gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2024-41946. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML that has many entity expansions with SAX2 or\npull parser API, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to NAITOH Jun for discovering and fixing this issue.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41946","osvdb":null,"ghsa":"5866-49gr-22v4","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}}]}
+{"version":"0.9.1","created_at":"2024-08-14 07:26:33 +0200","results":[]}
--- a/report.txt
+++ b/report.txt
@ -1,19 +1 @@
-Name: rexml
+No vulnerabilities found
 Version: 3.3.2
 CVE: CVE-2024-41123
 GHSA: GHSA-r55c-59qm-vjw6
 Criticality: Medium
 URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
 Title: DoS vulnerabilities in REXML
 Solution: upgrade to '>= 3.3.3'
 Name: rexml
 Version: 3.3.2
 CVE: CVE-2024-41946
 GHSA: GHSA-5866-49gr-22v4
 Criticality: Medium
 URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
 Title: DoS vulnerabilities in REXML
 Solution: upgrade to '>= 3.3.3'
 Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,33 +1,5 @@
 Updating ruby-advisory-db ...
-Updating a3b9e12..3f2952b
+Already up to date.
 Fast-forward
 gems/bootstrap-sass/CVE-2016-10735.yml |  2 +-
 gems/bootstrap-sass/CVE-2018-14040.yml | 47 ++++++++++++++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2018-14042.yml | 45 ++++++++++++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2018-20676.yml | 31 ++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2018-20677.yml | 32 +++++++++++++++++++++++
 gems/bootstrap-sass/CVE-2024-6484.yml  | 23 +++++++++++++++++
 gems/bootstrap/CVE-2016-10735.yml      |  2 +-
 gems/bootstrap/CVE-2018-20676.yml      | 31 ++++++++++++++++++++++
 gems/bootstrap/CVE-2018-20677.yml      | 32 +++++++++++++++++++++++
 gems/bootstrap/CVE-2024-6484.yml       | 24 +++++++++++++++++
 gems/bootstrap/CVE-2024-6531.yml       | 24 +++++++++++++++++
 gems/grpc/CVE-2023-33953.yml           | 47 ++++++++++++++++++++++++++++++++++
 gems/rexml/CVE-2024-41123.yml          | 36 ++++++++++++++++++++++++++
 gems/rexml/CVE-2024-41946.yml          | 36 ++++++++++++++++++++++++++
 14 files changed, 410 insertions(+), 2 deletions(-)
 create mode 100644 gems/bootstrap-sass/CVE-2018-14040.yml
 create mode 100644 gems/bootstrap-sass/CVE-2018-14042.yml
 create mode 100644 gems/bootstrap-sass/CVE-2018-20676.yml
 create mode 100644 gems/bootstrap-sass/CVE-2018-20677.yml
 create mode 100644 gems/bootstrap-sass/CVE-2024-6484.yml
 create mode 100644 gems/bootstrap/CVE-2018-20676.yml
 create mode 100644 gems/bootstrap/CVE-2018-20677.yml
 create mode 100644 gems/bootstrap/CVE-2024-6484.yml
 create mode 100644 gems/bootstrap/CVE-2024-6531.yml
 create mode 100644 gems/grpc/CVE-2023-33953.yml
 create mode 100644 gems/rexml/CVE-2024-41123.yml
 create mode 100644 gems/rexml/CVE-2024-41946.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
  advisories:	913 advisories
`@ -1 +1 @@`
	`2024-08-14T07:19:06+02:00`	`2024-08-14T07:26:33+02:00`
		`@ -1 +1 @@`
			{"version":"0.9.1","created_at":"2024-08-14 07:19:06 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml","id":"CVE-2024-41123","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There are some DoS vulnerabilities in REXML gem.\nThese vulnerabilities have been assigned the CVE identifier\nCVE-2024-41123. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML document that has many specific characters such\nas whitespace character, >] and ]>, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer and scyoon for discovering these issues.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41123","osvdb":null,"ghsa":"r55c-59qm-vjw6","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}},{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41946.yml","id":"CVE-2024-41946","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There is a DoS vulnerability in REXML gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2024-41946. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML that has many entity expansions with SAX2 or\npull parser API, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to NAITOH Jun for discovering and fixing this issue.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41946","osvdb":null,"ghsa":"5866-49gr-22v4","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}}]}				`{"version":"0.9.1","created_at":"2024-08-14 07:26:33 +0200","results":[]}`