GHSA SYNC: 1 brand new advisory (#963)

jasnow · web-flow · commit aee7a6e074f0 · 2026-01-17T15:48:55.000-08:00
diff --git a/gems/rollout-ui/CVE-2023-25309.yml b/gems/rollout-ui/CVE-2023-25309.yml
@@ -0,0 +1,22 @@
+---
+gem: rollout-ui
+cve: 2023-25309
+ghsa: 5xq9-h3j2-jxvc
+url: https://github.com/advisories/GHSA-5xq9-h3j2-jxvc
+title: Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5
+date: 2023-05-23
+description: |
+  Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui
+  version 0.5, allows attackers to execute arbitrary code via a
+  crafted url to the delete a **feature** functionality.
+cvss_v3: 6.1
+patched_versions:
+  - ">= 0.5.3"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-25309
+    - https://github.com/fetlife/rollout-ui/releases/tag/v0.5.3
+    - https://github.com/fetlife/rollout-ui/pull/15
+    - https://github.com/fetlife/rollout-ui/pull/15/commits/6d202d2cbcae3dd9b92c1f5ab7be17b48d78c045
+    - https://advisories.gitlab.com/pkg/gem/rollout-ui/CVE-2023-25309
+    - https://github.com/advisories/GHSA-5xq9-h3j2-jxvc
