GHSA SYNC: 3 modified and 8 brand new advisories by jasnow · Pull Request #799 · rubysec/ruby-advisory-db

jasnow · 2024-08-02T17:43:41Z

GHSA SYNC: 3 modified and 8 brand new advisories:
Modified:

Brand New: NOTE that several of these CVEs were fixed privately by https://www.herodevs.com company)

* According to the [blog post][1] the affected versions are `>= 4.0.0, <= 4.6.2`, and the [bootstrap gem] has versions after 4.6.2 which contain newer versions of the bootstrap JavaScript library. [1]: https://www.herodevs.com/vulnerability-directory/cve-2024-6531 [bootstrap gem]: https://rubygems.org/gems/bootstrap/versions

* According to the [blog post][1], the affected versions are `>= 2.0.0, <= 3.4.1`, but the [bootstrap gem] has versions after 3.4.1 containing newer versions of the bootstrap JavaScript library. [1]: https://www.herodevs.com/vulnerability-directory/cve-2024-6484 [bootstrap gem]: https://rubygems.org/gems/bootstrap/versions

jasnow and others added 3 commits August 2, 2024 13:40

GHSA SYNC: 3 modified and 8 brand new advisories

6731014

postmodern merged commit 446f848 into rubysec:master Aug 3, 2024

postmodern self-assigned this Aug 3, 2024

postmodern self-requested a review August 3, 2024 02:22

Provide feedback