Skip to content

Commit 5850322

Browse files
authored
Merge pull request #1166 from jasnow/add-cve-ghsa-urls
Added GHSA and NVD.NIST.GOV URLs to 13 existing advisories; Added to ignore file @simi - thanks for reviewing/approving my PR.
2 parents 5c03d53 + 96bd079 commit 5850322

14 files changed

Lines changed: 38 additions & 0 deletions

File tree

gems/addressable/CVE-2021-32740.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,3 +18,7 @@ unaffected_versions:
1818
- "< 2.3.0"
1919
patched_versions:
2020
- ">= 2.8.0"
21+
related:
22+
url:
23+
- https://nvd.nist.gov/vuln/detail/CVE-2021-32740
24+
- https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g

gems/devise-two-factor/CVE-2021-43177.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,4 +24,6 @@ related:
2424
cve:
2525
- 2015-7225
2626
url:
27+
- https://nvd.nist.gov/vuln/detail/CVE-2021-43177
2728
- https://github.com/tinfoil/devise-two-factor/issues/106
29+
- https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-jm35-h8q2-73mp

gems/doorkeeper/CVE-2023-34246.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,4 +32,5 @@ related:
3232
- https://github.com/doorkeeper-gem/doorkeeper/pull/1646
3333
- https://github.com/doorkeeper-gem/doorkeeper/issues/1589
3434
- https://www.rfc-editor.org/rfc/rfc8252#section-8.6
35+
- https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
3536
- https://github.com/advisories/GHSA-7w2c-w47h-789w

gems/jquery-rails/CVE-2020-11023.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,4 +23,6 @@ patched_versions:
2323
- ">= 4.4.0"
2424
related:
2525
url:
26+
- https://nvd.nist.gov/vuln/detail/CVE-2020-11023
2627
- https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440
28+
- https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

gems/phlex/CVE-2024-28199.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,4 +82,5 @@ related:
8282
- https://github.com/phlex-ruby/phlex/commit/aa50c604cdee1d0ce7ef068a4c66cbd5d43f96a1
8383
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
8484
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline
85+
- https://github.com/yippee-fun/phlex/security/advisories/GHSA-242p-4v39-2v8g
8586
- https://github.com/advisories/GHSA-242p-4v39-2v8g

gems/phlex/CVE-2024-32463.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,4 +52,5 @@ related:
5252
- https://github.com/phlex-ruby/phlex/commit/9e3f5b980655817993682e409cbda72956d865cb
5353
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
5454
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline
55+
- https://github.com/yippee-fun/phlex/security/advisories/GHSA-g7xq-xv8c-h98c
5556
- https://github.com/advisories/GHSA-g7xq-xv8c-h98c

gems/phlex/CVE-2024-32970.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,4 +72,5 @@ related:
7272
- https://github.com/payloadbox/xss-payload-list
7373
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
7474
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline
75+
- https://github.com/yippee-fun/phlex/security/advisories/GHSA-9p57-h987-4vgx
7576
- https://github.com/advisories/GHSA-9p57-h987-4vgx

gems/rexml/CVE-2024-41123.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,4 +34,6 @@ patched_versions:
3434
- ">= 3.3.3"
3535
related:
3636
url:
37+
- https://nvd.nist.gov/vuln/detail/CVE-2024-41123
3738
- https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
39+
- https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6

gems/rexml/CVE-2024-41946.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,4 +34,6 @@ patched_versions:
3434
- ">= 3.3.3"
3535
related:
3636
url:
37+
- https://nvd.nist.gov/vuln/detail/CVE-2024-41946
3738
- https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
39+
- https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4

gems/sanitize/CVE-2023-36823.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,4 +45,5 @@ related:
4545
- https://nvd.nist.gov/vuln/detail/CVE-2023-36823
4646
- https://github.com/rgrove/sanitize/releases/tag/v6.0.2
4747
- https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220
48+
- https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
4849
- https://github.com/advisories/GHSA-f5ww-cq3m-q3g7

0 commit comments

Comments
 (0)