Sync with GitHub Security Advisories

* Add asciidoctor/CVE-2018-18385 camaleon_cms/CVE-2018-18260 camaleon_cms/CVE-2021-25969
  camaleon_cms/CVE-2021-25970 camaleon_cms/CVE-2021-25971 camaleon_cms/CVE-2021-25972
  ccsv/CVE-2017-15364 commonmarker/GHSA-636f-xm5j-pj9m fluentd/CVE-2017-10906
  git/CVE-2022-47318 gitaly/CVE-2020-13353 hammer_cli_foreman/CVE-2017-2667 katello/CVE-2016-3072
  katello/CVE-2017-2662 katello/CVE-2018-14623 katello/CVE-2018-16887
  mixlib-archive/CVE-2017-1000026 omniauth-weibo-oauth2/CVE-2019-17268 papercrop/CVE-2015-2784
  publify_core/CVE-2023-0569 sanitize/CVE-2023-23627 smalruby-editor/CVE-2017-2096
  smalruby/CVE-2017-2096 smashing/CVE-2021-35440 xapian-core/CVE-2018-0499

* Add missing metadata to following:
  administrate/CVE-2016-3098 clockwork_web/CVE-2023-25015 curupira/CVE-2015-10053
  devise/CVE-2015-8314 jquery-ui-rails/CVE-2016-7103 xaviershay-dm-rails/CVE-2015-2179

gems/administrate/CVE-2016-3098.yml

@@ -1,12 +1,14 @@
 ---
 gem: administrate
 cve: 2016-3098
+ghsa: cc8c-26rj-v2vx
+url: http://seclists.org/oss-sec/2016/q2/0
 title: Cross-site request forgery (CSRF) vulnerability in administrate gem
 date: 2016-04-01
-url: http://seclists.org/oss-sec/2016/q2/0
-description: >-
-  `Administrate::ApplicationController` actions didn't have CSRF
-  protection. Remote attackers can hijack user's sessions and use any
-  functionality that administrate exposes on their behalf.
+description: |
+  "`Administrate::ApplicationController` actions didn't have CSRF protection.
+  Remote attackers can hijack user's sessions and use any functionality that administrate
+  exposes on their behalf."
+cvss_v3: 5.4
 patched_versions:
-- '>= 0.1.5'
+- ">= 0.1.5"

gems/asciidoctor/CVE-2018-18385.yml

@@ -0,0 +1,17 @@
+---
+gem: asciidoctor
+cve: 2018-18385
+ghsa: qc9p-mjxm-j2wj
+url: https://github.com/asciidoctor/asciidoctor/issues/2888
+title: Asciidoctor Infinite Loop vulnerability
+date: 2022-05-13
+description: |
+  Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial
+  of service (infinite loop). The loop was caused by the fact that `Parser.next_block`
+  was not exhausting all the lines in the reader as the while loop expected it would.
+  This was happening because the regular expression that detects any list was not
+  agreeing with the regular expression that detects a specific list type. So the line
+  kept getting pushed back onto the reader, hence causing the loop.
+cvss_v3: 7.5
+patched_versions:
+- ">= 1.5.8"

gems/camaleon_cms/CVE-2018-18260.yml

@@ -0,0 +1,14 @@
+---
+gem: camaleon_cms
+cve: 2018-18260
+ghsa: 7f84-9cqf-g4j9
+url: http://packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html
+title: Camaleon CMS vulnerable to Stored Cross-site Scripting
+date: 2022-05-13
+description: |
+  In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The
+  profile image in the User settings section can be run in the update / upload area
+  via `/admin/media/upload?actions=false`.
+cvss_v3: 6.1
+unaffected_versions:
+- "< 2.4"

gems/camaleon_cms/CVE-2021-25969.yml

@@ -0,0 +1,20 @@
+---
+gem: camaleon_cms
+cve: 2021-25969
+ghsa: x78v-4fvj-rg9j
+url: https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c
+title: Camaleon CMS Stored Cross-site Scripting vulnerability
+date: 2022-05-24
+description: |
+  In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable
+  to stored XSS, that allows unprivileged application users to store malicious scripts
+  in the comments section of the post. These scripts are executed in a victim’s browser
+  when they open the page containing the malicious comment.
+cvss_v3: 6.1
+unaffected_versions:
+- "< 0.0.1"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+  url:
+  - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969

gems/camaleon_cms/CVE-2021-25970.yml

@@ -0,0 +1,20 @@
+---
+gem: camaleon_cms
+cve: 2021-25970
+ghsa: 438x-2p9v-g8h9
+url: https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
+title: Camaleon CMS Insufficient Session Expiration vulnerability
+date: 2022-05-24
+description: |
+  Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session
+  of the users, even after the admin changes the user’s password. A user that was
+  already logged in, will still have access to the application even after the password
+  was changed.
+cvss_v3: 8.8
+unaffected_versions:
+- "< 0.1.7"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+  url:
+  - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970

gems/camaleon_cms/CVE-2021-25971.yml

@@ -0,0 +1,19 @@
+---
+gem: camaleon_cms
+cve: 2021-25971
+ghsa: r2w2-h6r8-3r53
+url: https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2
+title: Camaleon CMS vulnerable to Uncaught Exception
+date: 2022-05-24
+description: |
+  In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught
+  Exception. The app's media upload feature crashes permanently when an attacker with
+  a low privileged access uploads a specially crafted .svg file.
+cvss_v3: 4.3
+unaffected_versions:
+- "< 2.0.1"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+  url:
+  - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971

gems/camaleon_cms/CVE-2021-25972.yml

@@ -0,0 +1,21 @@
+---
+gem: camaleon_cms
+cve: 2021-25972
+ghsa: vx6p-q4gj-x6xx
+url: https://github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190
+title: Camaleon CMS vulnerable to Server-Side Request Forgery
+date: 2022-05-24
+description: |
+  In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side
+  Request Forgery (SSRF) in the media upload feature, which allows admin users to
+  fetch media files from external URLs but fails to validate URLs referencing to localhost
+  or other internal servers. This allows attackers to read files stored in the internal
+  server.
+cvss_v3: 4.9
+unaffected_versions:
+- "< 2.1.2.0"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+  url:
+  - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972

gems/ccsv/CVE-2017-15364.yml

@@ -0,0 +1,12 @@
+---
+gem: ccsv
+cve: 2017-15364
+ghsa: 5gxp-c379-pj42
+url: https://github.com/evan/ccsv/issues/15
+title: ccsv Double Free vulnerability
+date: 2022-05-17
+description: |
+  The foreach function in `ext/ccsv.c` in Ccsv 1.1.0 allows remote attackers
+  to cause a denial of service (double free and application crash) or possibly have
+  unspecified other impact via a crafted file.
+cvss_v3: 5.5

gems/clockwork_web/CVE-2023-25015.yml

@@ -1,6 +1,7 @@
 ---
 gem: clockwork_web
 cve: 2023-25015
+ghsa: p4xx-w6fr-c4w9
 url: https://github.com/ankane/clockwork_web/issues/4
 title: CSRF Vulnerability with Rails < 5.2
 date: 2023-02-01
@@ -10,5 +11,6 @@ description: |
   A CSRF attack works by getting an authorized user to visit a malicious website and
   then performing requests on behalf of the user. In this instance, actions include
   enabling and disabling jobs.
+cvss_v3: 6.5
 patched_versions:
 - ">= 0.1.2"

gems/commonmarker/GHSA-636f-xm5j-pj9m.yml

@@ -0,0 +1,38 @@
+---
+gem: commonmarker
+ghsa: 636f-xm5j-pj9m
+url: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-636f-xm5j-pj9m
+title: Several quadratic complexity bugs may lead to denial of service in Commonmarker
+date: 2023-01-24
+description: |-
+  ## Impact
+
+  Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm)
+  library may lead to unbounded resource exhaustion and subsequent denial of service.
+
+  The following vulnerabilities were addressed:
+
+  * [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c)
+  * [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r)
+  * [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr)
+  * [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p)
+
+  For more information, consult the release notes for version
+  [`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7).
+
+  ## Mitigation
+
+  Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7).
+patched_versions:
+- ">= 0.23.7"
+related:
+  cve:
+  - 2023-22483
+  - 2023-22484
+  - 2023-22485
+  - 2023-22486
+  ghsa:
+  - 29g3-96g3-jg6c
+  - 24f7-9frr-5h2r
+  - c944-cv5f-hpvr
+  - r572-jvj2-3m8p

gems/curupira/CVE-2015-10053.yml

@@ -14,6 +14,7 @@ description: |
   93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the
   affected component. VDB-218394 is the identifier assigned to this
   vulnerability.
+cvss_v3: 9.8
 patched_versions:
 - ">= 0.1.4"
 related:

gems/devise/CVE-2015-8314.yml

@@ -1,6 +1,7 @@
 ---
 gem: devise
 cve: 2015-8314
+ghsa: 746g-3gfp-hfhw
 url: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
 title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
 date: 2016-01-18
@@ -11,4 +12,4 @@ description: |
   the password frequently, the cookie can be used to gain access to the
   application indefinitely.
 patched_versions:
-- '>= 3.5.4'
+- ">= 3.5.4"

gems/fluentd/CVE-2017-10906.yml

@@ -0,0 +1,21 @@
+---
+gem: fluentd
+cve: 2017-10906
+ghsa: 5jrp-w8fr-mrww
+url: https://github.com/fluent/fluentd/pull/1733
+title: Fluentd Escape Sequence Injection Vulnerability
+date: 2022-05-13
+description: |
+  Escape sequence injection vulnerability in Fluentd versions 0.12.29 through
+  0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands
+  on the device via unspecified vectors.
+cvss_v3: 9.8
+unaffected_versions:
+- "< 0.12.29"
+patched_versions:
+- ">= 0.12.41"
+related:
+  url:
+  - https://access.redhat.com/errata/RHSA-2018:2225
+  - https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
+  - https://jvn.jp/en/vu/JVNVU95124098/index.html

gems/git/CVE-2022-47318.yml

@@ -0,0 +1,18 @@
+---
+gem: git
+cve: 2022-47318
+ghsa: pphf-gfrm-v32r
+url: https://github.com/ruby-git/ruby-git/pull/602
+title: Code injection in ruby git
+date: 2023-01-17
+description: |
+  ruby-git versions prior to v1.13.0 allows a remote authenticated attacker
+  to execute an arbitrary ruby code by having a user to load a repository containing
+  a specially crafted filename to the product. This vulnerability is different from
+  CVE-2022-46648.
+cvss_v3: 8.0
+patched_versions:
+- ">= 1.13.0"
+related:
+  url:
+  - https://jvn.jp/en/jp/JVN16765254/index.html

gems/gitaly/CVE-2020-13353.yml

@@ -0,0 +1,21 @@
+---
+gem: gitaly
+cve: 2020-13353
+ghsa: mmmm-chjf-jmvw
+url: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json
+title: Gitaly Insufficient Session Expiration vulnerability
+date: 2022-05-24
+description: |
+  When importing repos via URL, one time use git credentials were persisted
+  beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are:
+  >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
+cvss_v3: 3.2
+unaffected_versions:
+- "< 1.79.0"
+patched_versions:
+- "~> 13.3.9"
+- "~> 13.4.5"
+- ">= 13.5.2"
+related:
+  url:
+  - https://gitlab.com/gitlab-org/gitaly/-/issues/2882

gems/hammer_cli_foreman/CVE-2017-2667.yml

@@ -0,0 +1,20 @@
+---
+gem: hammer_cli_foreman
+cve: 2017-2667
+ghsa: 77h8-xr85-3x5q
+url: https://access.redhat.com/errata/RHSA-2018:0336
+title: hammer_cli_foreman Improper Certificate Validation vulnerability
+date: 2022-05-13
+description: |
+  Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not
+  explicitly set the verify_ssl flag for apipie-bindings that disable it by default.
+  As a result the server certificates are not checked and connections are prone to
+  man-in-the-middle attacks.
+cvss_v3: 8.1
+patched_versions:
+- ">= 0.10.0"
+related:
+  url:
+  - https://bugzilla.redhat.com/show_bug.cgi?id=1436262
+  - http://projects.theforeman.org/issues/19033
+  - http://www.securityfocus.com/bid/97153

gems/jquery-ui-rails/CVE-2016-7103.yml

@@ -2,18 +2,18 @@
 gem: jquery-ui-rails
 framework: rails
 cve: 2016-7103
-date: 2016-08-27
+ghsa: hpcf-8vf9-q4gj
 url: https://github.com/jquery/api.jqueryui.com/issues/281
 title: XSS Vulnerability on closeText option of Dialog jQuery UI
+date: 2016-08-27
 description: |
   Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might
   allow remote attackers to inject arbitrary web script or HTML via the
   closeText parameter of the dialog function.
 cvss_v2: 4.3
 cvss_v3: 6.1
 patched_versions:
-- '>= 6.0.0'
-
+- ">= 6.0.0"
 related:
   url:
   - https://github.com/jquery/jquery-ui/pull/1635

gems/katello/CVE-2016-3072.yml

@@ -0,0 +1,20 @@
+---
+gem: katello
+cve: 2016-3072
+ghsa: 527r-mfmj-prqf
+url: https://github.com/Katello/katello/pull/6051
+title: Katello SQL Injection vulnerabilities
+date: 2022-05-14
+description: |
+  Multiple SQL injection vulnerabilities in the scoped_search function
+  in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated
+  users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
+cvss_v3: 8.8
+patched_versions:
+- ">= 2.4.3"
+related:
+  url:
+  - https://access.redhat.com/errata/RHSA-2016:1083
+  - https://bugzilla.redhat.com/show_bug.cgi?id=1322050
+  - https://github.com/Katello/katello/commit/5645ed4365980a34e30a9c57fe0793dff729e8e4
+  - https://access.redhat.com/security/cve/CVE-2016-3072

gems/katello/CVE-2017-2662.yml

@@ -0,0 +1,20 @@
+---
+gem: katello
+cve: 2017-2662
+ghsa: cpv6-pfq6-j2v7
+url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
+title: katello Improper Privilege Management vulnerability
+date: 2022-05-13
+description: |
+  A flaw was found in Foreman's katello plugin version 3.4.5. After setting
+  a new role to allow restricted access on a repository with a filter (filter set
+  on the Product Name), the filter is not respected when the actions are done via
+  hammer using the repository id.
+cvss_v3: 4.3
+patched_versions:
+- ">= 3.17.0.rc1"
+related:
+  url:
+  - https://projects.theforeman.org/issues/18838
+  - https://github.com/Katello/katello/pull/8772
+  - https://github.com/Katello/katello/commit/853260e3e9f94179d5881199e7885d1c08e600f6

gems/katello/CVE-2018-14623.yml

@@ -0,0 +1,18 @@
+---
+gem: katello
+cve: 2018-14623
+ghsa: jx5v-788g-qw58
+url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
+title: katello SQL Injection vulnerability
+date: 2022-05-13
+description: |
+  A SQL injection flaw was found in katello's errata-related API. An authenticated
+  remote attacker can craft input data to force a malformed SQL query to the backend
+  database, which will leak internal IDs. This is issue is related to an incomplete
+  fix for CVE-2016-3072. Version 3.10 and older is vulnerable.
+cvss_v3: 4.3
+related:
+  url:
+  - https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
+  ghsa:
+  - 527r-mfmj-prqf