wiseadvice_public_repos
/
bundle-audit-results
3
0
Fork 0
Code Wiki
bundle-audit-results/bundle-audit.json

1 line
2.2 KiB
JSON
Raw Blame History

{"version":"0.9.1","created_at":"2024-08-14 07:19:06 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41123.yml","id":"CVE-2024-41123","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There are some DoS vulnerabilities in REXML gem.\nThese vulnerabilities have been assigned the CVE identifier\nCVE-2024-41123. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML document that has many specific characters such\nas whitespace character, >] and ]>, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer and scyoon for discovering these issues.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41123","osvdb":null,"ghsa":"r55c-59qm-vjw6","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}},{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.3.2"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-41946.yml","id":"CVE-2024-41946","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946","title":"DoS vulnerabilities in REXML","date":"2024-08-01","description":"There is a DoS vulnerability in REXML gem.\nThis vulnerability has been assigned the CVE identifier\nCVE-2024-41946. We strongly recommend upgrading the REXML gem.\n\n## Details\n\nWhen parsing an XML that has many entity expansions with SAX2 or\npull parser API, REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.3 or later.\n\n## Affected versions\n\n* REXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to NAITOH Jun for discovering and fixing this issue.\n\n## History\n\nOriginally published at 2024-08-01 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-41946","osvdb":null,"ghsa":"5866-49gr-22v4","unaffected_versions":[],"patched_versions":[">= 3.3.3"],"criticality":"medium"}}]}
View Git Blame Copy Permalink