Skip to content

Commit

Permalink
Add a patched version for CVE-2023-31606
Browse files Browse the repository at this point in the history
  • Loading branch information
@heliocola @postmodern
heliocola authored and postmodern committed Nov 3, 2023
1 parent a89b84a commit 0e7d31c
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion gems/RedCloth/CVE-2023-31606.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,14 @@ description: |
cvss_v3: 7.5
unaffected_versions:
- "< 4.0.0"
notes: "Never patched: vulnerableVersionRange: <= 4.3.2; NVD has no cvss values"
patched_versions:
- ">= 4.3.3"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2023-31606
- https://github.com/e23e/CVE-2023-31606#readme
- https://github.com/jgarber/redcloth/issues/73
- https://github.com/jgarber/redcloth/blob/v4.3.2/lib/redcloth/formatters/html.rb#L327
- https://github.com/advisories/GHSA-qcm3-vfq5-wfr2
- https://github.com/jgarber/redcloth/pull/75
- https://github.com/jgarber/redcloth/blob/v4.3.3/lib/redcloth/formatters/html.rb#L327

0 comments on commit 0e7d31c

Please sign in to comment.