commit by to_remotes 2024-10-17 09:08:44 +0200 from cicd

bundle-audit-time.txt

@@ -1 +1 @@
-2024-10-16T12:58:40+02:00
+2024-10-17T09:08:44+02:00

report.txt

@@ -1 +1,37 @@
-No vulnerabilities found
+Name: actionmailer
+Version: 7.1.3.4
+CVE: CVE-2024-47889
+GHSA: GHSA-h47h-mwp9-c6q6
+Criticality: Unknown
+URL: https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
+Title: Possible ReDoS vulnerability in block_format in Action Mailer
+Solution: update to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1'
+
+Name: actionpack
+Version: 7.1.3.4
+CVE: CVE-2024-41128
+GHSA: GHSA-x76w-6vjr-8xgj
+Criticality: Unknown
+URL: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
+Title: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
+Solution: update to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1'
+
+Name: actionpack
+Version: 7.1.3.4
+CVE: CVE-2024-47887
+GHSA: GHSA-vfg9-r3fq-jvx4
+Criticality: Unknown
+URL: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
+Title: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
+Solution: update to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1'
+
+Name: actiontext
+Version: 7.1.3.4
+CVE: CVE-2024-47888
+GHSA: GHSA-wwhv-wxv9-rpgw
+Criticality: Unknown
+URL: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
+Title: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
+Solution: update to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1'
+
+Vulnerabilities found!

update-info.txt

@@ -1,7 +1,17 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating a93d52d..443cfb9
+Fast-forward
+ gems/actionmailer/CVE-2024-47889.yml | 47 ++++++++++++++++++++++++++++++++++
+ gems/actionpack/CVE-2024-41128.yml   | 46 +++++++++++++++++++++++++++++++++
+ gems/actionpack/CVE-2024-47887.yml   | 49 ++++++++++++++++++++++++++++++++++++
+ gems/actiontext/CVE-2024-47888.yml   | 48 +++++++++++++++++++++++++++++++++++
+ 4 files changed, 190 insertions(+)
+ create mode 100644 gems/actionmailer/CVE-2024-47889.yml
+ create mode 100644 gems/actionpack/CVE-2024-41128.yml
+ create mode 100644 gems/actionpack/CVE-2024-47887.yml
+ create mode 100644 gems/actiontext/CVE-2024-47888.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	938 advisories
-  last updated:	2024-10-09 10:55:24 -0700
-  commit:	a93d52dcd4cfa74522551a07bf8cbe0572b35ef0
+  advisories:	942 advisories
+  last updated:	2024-10-16 11:03:13 -0700
+  commit:	443cfb9e8e4860c471417e16c02ead507dbb1b9a