wiseadvice_public_repos
/
bundle-audit-results
3
0
Fork 0
Code Wiki

commit by to_remotes 2024-08-14 07:26:33 +0200 from cicd

main
cicd 2024-08-14 07:26:33 +02:00
parent 25e34049ec
commit da44ff0f1c
4 changed files with 4 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bundle-audit-time.txt
View File

@ -1 +1 @@
2024-08-14T07:19:06+02:00
2024-08-14T07:26:33+02:00

2
bundle-audit.json
View File

@ -1 +1 @@
{"version":"0.9.1","created_at":"2024-08-14 07:19:06 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml","id":"CVE-2024-41123","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There are some DoS vulnerabilities in REXML gem.\nThese vulnerabilities have been assigned the CVE identifier\nCVE-2024-41123. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML document that has many specific characters such\nas whitespace character, >] and ]>, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer and scyoon for discovering these issues.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41123","osvdb":null,"ghsa":"r55c-59qm-vjw6","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}},{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41946.yml","id":"CVE-2024-41946","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There is a DoS vulnerability in REXML gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2024-41946. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML that has many entity expansions with SAX2 or\npull parser API, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to NAITOH Jun for discovering and fixing this issue.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41946","osvdb":null,"ghsa":"5866-49gr-22v4","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}}]}
{"version":"0.9.1","created_at":"2024-08-14 07:26:33 +0200","results":[]}

20
report.txt
View File

@ -1,19 +1 @@
Name: rexml
Version: 3.3.2
CVE: CVE-2024-41123
GHSA: GHSA-r55c-59qm-vjw6
Criticality: Medium
URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
Title: DoS vulnerabilities in REXML
Solution: upgrade to '>= 3.3.3'
Name: rexml
Version: 3.3.2
CVE: CVE-2024-41946
GHSA: GHSA-5866-49gr-22v4
Criticality: Medium
URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
Title: DoS vulnerabilities in REXML
Solution: upgrade to '>= 3.3.3'
Vulnerabilities found!
No vulnerabilities found

30
update-info.txt
View File

@ -1,33 +1,5 @@
Updating ruby-advisory-db ...
Updating a3b9e12..3f2952b
Fast-forward
gems/bootstrap-sass/CVE-2016-10735.yml | 2 +-
gems/bootstrap-sass/CVE-2018-14040.yml | 47 ++++++++++++++++++++++++++++++++++
gems/bootstrap-sass/CVE-2018-14042.yml | 45 ++++++++++++++++++++++++++++++++
gems/bootstrap-sass/CVE-2018-20676.yml | 31 ++++++++++++++++++++++
gems/bootstrap-sass/CVE-2018-20677.yml | 32 +++++++++++++++++++++++
gems/bootstrap-sass/CVE-2024-6484.yml | 23 +++++++++++++++++
gems/bootstrap/CVE-2016-10735.yml | 2 +-
gems/bootstrap/CVE-2018-20676.yml | 31 ++++++++++++++++++++++
gems/bootstrap/CVE-2018-20677.yml | 32 +++++++++++++++++++++++
gems/bootstrap/CVE-2024-6484.yml | 24 +++++++++++++++++
gems/bootstrap/CVE-2024-6531.yml | 24 +++++++++++++++++
gems/grpc/CVE-2023-33953.yml | 47 ++++++++++++++++++++++++++++++++++
gems/rexml/CVE-2024-41123.yml | 36 ++++++++++++++++++++++++++
gems/rexml/CVE-2024-41946.yml | 36 ++++++++++++++++++++++++++
14 files changed, 410 insertions(+), 2 deletions(-)
create mode 100644 gems/bootstrap-sass/CVE-2018-14040.yml
create mode 100644 gems/bootstrap-sass/CVE-2018-14042.yml
create mode 100644 gems/bootstrap-sass/CVE-2018-20676.yml
create mode 100644 gems/bootstrap-sass/CVE-2018-20677.yml
create mode 100644 gems/bootstrap-sass/CVE-2024-6484.yml
create mode 100644 gems/bootstrap/CVE-2018-20676.yml
create mode 100644 gems/bootstrap/CVE-2018-20677.yml
create mode 100644 gems/bootstrap/CVE-2024-6484.yml
create mode 100644 gems/bootstrap/CVE-2024-6531.yml
create mode 100644 gems/grpc/CVE-2023-33953.yml
create mode 100644 gems/rexml/CVE-2024-41123.yml
create mode 100644 gems/rexml/CVE-2024-41946.yml
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db:
advisories: 913 advisories