wiseadvice_public_repos
/
bundle-audit-results
3
0
Fork 0
Code Wiki

commit by to_remotes 2025-03-04 07:32:28 +0100 from cicd

main
cicd 2025-03-04 07:32:28 +01:00
parent 19710d3af7
commit e98d264533
4 changed files with 4 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bundle-audit-time.txt
View File

@ -1 +1 @@
2025-03-04T07:31:06+01:00 2025-03-04T07:32:27+01:00

2
bundle-audit.json
View File

@ -1 +1 @@
{"version":"0.9.2","created_at":"2025-03-04 07:31:06 +0100","results":[{"type":"unpatched_gem","gem":{"name":"uri","version":"1.0.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/uri/CVE-2025-27221.yml","id":"CVE-2025-27221","url":"https://www.cve.org/CVERecord?id=CVE-2025-27221","title":"CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.","date":"2025-02-26","description":"\nThere is a possibility for userinfo leakage by in the uri gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2025-27221. We recommend upgrading the uri gem.\n\n## Details\n\nThe methods URI#join, URI#merge, and URI#+ retained userinfo, such\nas user:password, even after the host is replaced. When generating\na URL to a malicious host from a URL containing secret userinfo\nusing these methods, and having someone access that URL, an\nunintended userinfo leak could occur.\n\nPlease update URI gem to version 0.11.3, 0.12.4, 0.13.2, 1.0.3 or later.\n\n## Affected versions\n\nuri gem versions < 0.11.3, 0.12.0 to 0.12.3, 0.13.0, 0.13.1 and\n1.0.0 to 1.0.2.\n\n## Credits\n\nThanks to Tsubasa Irisawa (lambdasawa) for discovering this issue.\nAlso thanks to nobu for additional fixes of this vulnerability.\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-27221","osvdb":null,"ghsa":null,"unaffected_versions":[],"patched_versions":["~> 0.11.3","~> 0.12.4","~> 0.13.2",">= 1.0.3"],"criticality":null}}]} {"version":"0.9.2","created_at":"2025-03-04 07:32:27 +0100","results":[]}

10
report.txt
View File

@ -1,9 +1 @@
Name: uri No vulnerabilities found
Version: 1.0.2
CVE: CVE-2025-27221
Criticality: Unknown
URL: https://www.cve.org/CVERecord?id=CVE-2025-27221
Title: CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.
Solution: update to '~> 0.11.3', '~> 0.12.4', '~> 0.13.2', '>= 1.0.3'
Vulnerabilities found!

10
update-info.txt
View File

@ -1,13 +1,5 @@
Updating ruby-advisory-db ... Updating ruby-advisory-db ...
Updating deb44c6..4b6766f Already up to date.
Fast-forward
gems/cgi/CVE-2025-27219.yml | 36 ++++++++++++++++++++++++++++++++++++
gems/cgi/CVE-2025-27220.yml | 36 ++++++++++++++++++++++++++++++++++++
gems/uri/CVE-2025-27221.yml | 40 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 112 insertions(+)
create mode 100644 gems/cgi/CVE-2025-27219.yml
create mode 100644 gems/cgi/CVE-2025-27220.yml
create mode 100644 gems/uri/CVE-2025-27221.yml
Updated ruby-advisory-db Updated ruby-advisory-db
ruby-advisory-db: ruby-advisory-db:
advisories: 963 advisories advisories: 963 advisories