bundler-audit 0.7.0.1 → 0.8.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (597) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ruby.yml +28 -0
  3. data/.gitignore +1 -0
  4. data/.rspec +1 -1
  5. data/ChangeLog.md +57 -0
  6. data/Gemfile +1 -1
  7. data/README.md +61 -4
  8. data/Rakefile +0 -23
  9. data/bundler-audit.gemspec +0 -7
  10. data/lib/bundler/audit/advisory.rb +12 -1
  11. data/lib/bundler/audit/cli.rb +86 -80
  12. data/lib/bundler/audit/cli/formats.rb +144 -0
  13. data/lib/bundler/audit/cli/formats/json.rb +51 -0
  14. data/lib/bundler/audit/cli/formats/text.rb +116 -0
  15. data/lib/bundler/audit/configuration.rb +101 -0
  16. data/lib/bundler/audit/database.rb +135 -28
  17. data/lib/bundler/audit/report.rb +149 -0
  18. data/lib/bundler/audit/results.rb +19 -0
  19. data/lib/bundler/audit/results/insecure_source.rb +75 -0
  20. data/lib/bundler/audit/results/result.rb +21 -0
  21. data/lib/bundler/audit/results/unpatched_gem.rb +94 -0
  22. data/lib/bundler/audit/scanner.rb +95 -22
  23. data/lib/bundler/audit/task.rb +2 -4
  24. data/lib/bundler/audit/version.rb +1 -1
  25. data/spec/advisory_spec.rb +34 -15
  26. data/spec/bundle/unpatched_gems_with_dot_configuration/.bundler-audit.yml +3 -0
  27. data/spec/bundle/unpatched_gems_with_dot_configuration/Gemfile +3 -0
  28. data/spec/cli/formats/json_spec.rb +113 -0
  29. data/spec/cli/formats/text_spec.rb +179 -0
  30. data/spec/cli/formats_spec.rb +86 -0
  31. data/spec/cli_spec.rb +29 -17
  32. data/spec/configuration_spec.rb +70 -0
  33. data/spec/database_spec.rb +248 -51
  34. data/spec/fixtures/advisory/CVE-2020-1234.yml +19 -0
  35. data/spec/fixtures/{not_a_hash.yml → advisory/not_a_hash.yml} +0 -0
  36. data/spec/fixtures/config/bad/ignore_contains_a_non_string.yml +4 -0
  37. data/spec/fixtures/config/bad/ignore_is_not_an_array.yml +3 -0
  38. data/spec/fixtures/config/valid.yml +4 -0
  39. data/spec/fixtures/lib/bundler/audit/cli/formats/bad.rb +19 -0
  40. data/spec/fixtures/lib/bundler/audit/cli/formats/good.rb +19 -0
  41. data/spec/integration_spec.rb +18 -4
  42. data/spec/report_spec.rb +98 -0
  43. data/spec/results/insecure_source_spec.rb +47 -0
  44. data/spec/results/result_spec.rb +10 -0
  45. data/spec/results/unpatched_gem_spec.rb +123 -0
  46. data/spec/scanner_spec.rb +66 -35
  47. data/spec/spec_helper.rb +38 -25
  48. metadata +31 -554
  49. data/.gitmodules +0 -3
  50. data/.travis.yml +0 -14
  51. data/data/ruby-advisory-db.ts +0 -1
  52. data/data/ruby-advisory-db/.gitignore +0 -1
  53. data/data/ruby-advisory-db/.rspec +0 -1
  54. data/data/ruby-advisory-db/.travis.yml +0 -12
  55. data/data/ruby-advisory-db/CONTRIBUTING.md +0 -71
  56. data/data/ruby-advisory-db/CONTRIBUTORS.md +0 -41
  57. data/data/ruby-advisory-db/Gemfile +0 -11
  58. data/data/ruby-advisory-db/LICENSE.txt +0 -5
  59. data/data/ruby-advisory-db/README.md +0 -133
  60. data/data/ruby-advisory-db/Rakefile +0 -22
  61. data/data/ruby-advisory-db/gems/Arabic-Prawn/CVE-2014-2322.yml +0 -12
  62. data/data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml +0 -21
  63. data/data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4995.yml +0 -13
  64. data/data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml +0 -13
  65. data/data/ruby-advisory-db/gems/actionmailer/CVE-2013-4389.yml +0 -17
  66. data/data/ruby-advisory-db/gems/actionpack-page_caching/CVE-2020-8159.yml +0 -40
  67. data/data/ruby-advisory-db/gems/actionpack/CVE-2012-1099.yml +0 -26
  68. data/data/ruby-advisory-db/gems/actionpack/CVE-2012-3424.yml +0 -28
  69. data/data/ruby-advisory-db/gems/actionpack/CVE-2012-3463.yml +0 -26
  70. data/data/ruby-advisory-db/gems/actionpack/CVE-2012-3465.yml +0 -23
  71. data/data/ruby-advisory-db/gems/actionpack/CVE-2013-0156.yml +0 -24
  72. data/data/ruby-advisory-db/gems/actionpack/CVE-2013-1855.yml +0 -20
  73. data/data/ruby-advisory-db/gems/actionpack/CVE-2013-1857.yml +0 -23
  74. data/data/ruby-advisory-db/gems/actionpack/CVE-2014-0081.yml +0 -24
  75. data/data/ruby-advisory-db/gems/actionpack/CVE-2014-0082.yml +0 -22
  76. data/data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml +0 -23
  77. data/data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml +0 -24
  78. data/data/ruby-advisory-db/gems/actionpack/CVE-2014-7829.yml +0 -26
  79. data/data/ruby-advisory-db/gems/actionpack/CVE-2015-7576.yml +0 -119
  80. data/data/ruby-advisory-db/gems/actionpack/CVE-2015-7581.yml +0 -55
  81. data/data/ruby-advisory-db/gems/actionpack/CVE-2016-0751.yml +0 -74
  82. data/data/ruby-advisory-db/gems/actionpack/CVE-2016-0752.yml +0 -96
  83. data/data/ruby-advisory-db/gems/actionpack/CVE-2016-2097.yml +0 -91
  84. data/data/ruby-advisory-db/gems/actionpack/CVE-2016-2098.yml +0 -89
  85. data/data/ruby-advisory-db/gems/actionpack/CVE-2016-6316.yml +0 -57
  86. data/data/ruby-advisory-db/gems/actionpack/CVE-2020-8164.yml +0 -49
  87. data/data/ruby-advisory-db/gems/actionpack/CVE-2020-8166.yml +0 -31
  88. data/data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml +0 -20
  89. data/data/ruby-advisory-db/gems/actionpack/OSVDB-100525.yml +0 -21
  90. data/data/ruby-advisory-db/gems/actionpack/OSVDB-100526.yml +0 -27
  91. data/data/ruby-advisory-db/gems/actionpack/OSVDB-100527.yml +0 -24
  92. data/data/ruby-advisory-db/gems/actionpack/OSVDB-100528.yml +0 -22
  93. data/data/ruby-advisory-db/gems/actionpack/OSVDB-74616.yml +0 -18
  94. data/data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml +0 -23
  95. data/data/ruby-advisory-db/gems/actionview/CVE-2016-0752.yml +0 -95
  96. data/data/ruby-advisory-db/gems/actionview/CVE-2016-2097.yml +0 -89
  97. data/data/ruby-advisory-db/gems/actionview/CVE-2016-6316.yml +0 -56
  98. data/data/ruby-advisory-db/gems/actionview/CVE-2019-5418.yml +0 -98
  99. data/data/ruby-advisory-db/gems/actionview/CVE-2019-5419.yml +0 -95
  100. data/data/ruby-advisory-db/gems/actionview/CVE-2020-5267.yml +0 -69
  101. data/data/ruby-advisory-db/gems/actionview/CVE-2020-8163.yml +0 -29
  102. data/data/ruby-advisory-db/gems/actionview/CVE-2020-8167.yml +0 -45
  103. data/data/ruby-advisory-db/gems/active-support/CVE-2018-3779.yml +0 -17
  104. data/data/ruby-advisory-db/gems/activejob/CVE-2018-16476.yml +0 -36
  105. data/data/ruby-advisory-db/gems/activemodel/CVE-2016-0753.yml +0 -95
  106. data/data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml +0 -20
  107. data/data/ruby-advisory-db/gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml +0 -15
  108. data/data/ruby-advisory-db/gems/activerecord/CVE-2012-2660.yml +0 -24
  109. data/data/ruby-advisory-db/gems/activerecord/CVE-2012-2661.yml +0 -25
  110. data/data/ruby-advisory-db/gems/activerecord/CVE-2013-0155.yml +0 -24
  111. data/data/ruby-advisory-db/gems/activerecord/CVE-2013-0276.yml +0 -21
  112. data/data/ruby-advisory-db/gems/activerecord/CVE-2013-0277.yml +0 -23
  113. data/data/ruby-advisory-db/gems/activerecord/CVE-2013-1854.yml +0 -26
  114. data/data/ruby-advisory-db/gems/activerecord/CVE-2014-0080.yml +0 -23
  115. data/data/ruby-advisory-db/gems/activerecord/CVE-2014-3482.yml +0 -23
  116. data/data/ruby-advisory-db/gems/activerecord/CVE-2014-3483.yml +0 -24
  117. data/data/ruby-advisory-db/gems/activerecord/CVE-2014-3514.yml +0 -23
  118. data/data/ruby-advisory-db/gems/activerecord/CVE-2015-7577.yml +0 -110
  119. data/data/ruby-advisory-db/gems/activerecord/CVE-2016-6317.yml +0 -73
  120. data/data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml +0 -20
  121. data/data/ruby-advisory-db/gems/activeresource/CVE-2020-8151.yml +0 -48
  122. data/data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml +0 -15
  123. data/data/ruby-advisory-db/gems/activestorage/CVE-2018-16477.yml +0 -43
  124. data/data/ruby-advisory-db/gems/activestorage/CVE-2020-8162.yml +0 -31
  125. data/data/ruby-advisory-db/gems/activesupport/CVE-2012-1098.yml +0 -26
  126. data/data/ruby-advisory-db/gems/activesupport/CVE-2012-3464.yml +0 -23
  127. data/data/ruby-advisory-db/gems/activesupport/CVE-2013-0333.yml +0 -25
  128. data/data/ruby-advisory-db/gems/activesupport/CVE-2013-1856.yml +0 -28
  129. data/data/ruby-advisory-db/gems/activesupport/CVE-2015-3226.yml +0 -55
  130. data/data/ruby-advisory-db/gems/activesupport/CVE-2015-3227.yml +0 -33
  131. data/data/ruby-advisory-db/gems/activesupport/CVE-2020-8165.yml +0 -41
  132. data/data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml +0 -14
  133. data/data/ruby-advisory-db/gems/administrate/CVE-2020-5257.yml +0 -24
  134. data/data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml +0 -10
  135. data/data/ruby-advisory-db/gems/airbrake-ruby/CVE-2019-16060.yml +0 -18
  136. data/data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml +0 -16
  137. data/data/ruby-advisory-db/gems/as/OSVDB-112683.yml +0 -10
  138. data/data/ruby-advisory-db/gems/authlogic/CVE-2012-6497.yml +0 -15
  139. data/data/ruby-advisory-db/gems/auto_awesomplete/OSVDB-132800.yml +0 -11
  140. data/data/ruby-advisory-db/gems/auto_select2/OSVDB-132800.yml +0 -13
  141. data/data/ruby-advisory-db/gems/awesome-bot/CVE-2019-15224.yml +0 -19
  142. data/data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml +0 -19
  143. data/data/ruby-advisory-db/gems/backup-agoddard/CVE-2014-4993.yml +0 -8
  144. data/data/ruby-advisory-db/gems/backup_checksum/CVE-2014-4993.yml +0 -12
  145. data/data/ruby-advisory-db/gems/backup_checksum/OSVDB-108570.yml +0 -10
  146. data/data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml +0 -19
  147. data/data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml +0 -17
  148. data/data/ruby-advisory-db/gems/bibtex-ruby/CVE-2019-10780.yml +0 -16
  149. data/data/ruby-advisory-db/gems/bio-basespace-sdk/CVE-2013-7111.yml +0 -8
  150. data/data/ruby-advisory-db/gems/bitcoin_vanity/CVE-2019-15224.yml +0 -18
  151. data/data/ruby-advisory-db/gems/blockchain_wallet/CVE-2019-15224.yml +0 -19
  152. data/data/ruby-advisory-db/gems/bootstrap-sass/CVE-2016-10735.yml +0 -20
  153. data/data/ruby-advisory-db/gems/bootstrap-sass/CVE-2019-10842.yml +0 -25
  154. data/data/ruby-advisory-db/gems/bootstrap-sass/CVE-2019-8331.yml +0 -20
  155. data/data/ruby-advisory-db/gems/bootstrap/CVE-2016-10735.yml +0 -20
  156. data/data/ruby-advisory-db/gems/bootstrap/CVE-2018-14040.yml +0 -24
  157. data/data/ruby-advisory-db/gems/bootstrap/CVE-2019-8331.yml +0 -20
  158. data/data/ruby-advisory-db/gems/brakeman/CVE-2019-18409.yml +0 -26
  159. data/data/ruby-advisory-db/gems/brbackup/CVE-2014-5004.yml +0 -11
  160. data/data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml +0 -12
  161. data/data/ruby-advisory-db/gems/brbackup/OSVDB-108900.yml +0 -11
  162. data/data/ruby-advisory-db/gems/bson/CVE-2015-4411.yml +0 -21
  163. data/data/ruby-advisory-db/gems/bson/CVE-2015-4412.yml +0 -18
  164. data/data/ruby-advisory-db/gems/builder/OSVDB-95668.yml +0 -13
  165. data/data/ruby-advisory-db/gems/bundler/CVE-2013-0334.yml +0 -15
  166. data/data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml +0 -13
  167. data/data/ruby-advisory-db/gems/bundler/OSVDB-115091.yml +0 -12
  168. data/data/ruby-advisory-db/gems/bundler/OSVDB-115917.yml +0 -12
  169. data/data/ruby-advisory-db/gems/cairo/CVE-2017-7475.yml +0 -15
  170. data/data/ruby-advisory-db/gems/cap-strap/CVE-2014-4992.yml +0 -8
  171. data/data/ruby-advisory-db/gems/cap-strap/OSVDB-108575.yml +0 -7
  172. data/data/ruby-advisory-db/gems/capistrano-colors/CVE-2019-15224.yml +0 -19
  173. data/data/ruby-advisory-db/gems/chartkick/CVE-2019-12732.yml +0 -21
  174. data/data/ruby-advisory-db/gems/chartkick/CVE-2019-18841.yml +0 -13
  175. data/data/ruby-advisory-db/gems/chloride/CVE-2018-6517.yml +0 -17
  176. data/data/ruby-advisory-db/gems/ciborg/CVE-2014-5003.yml +0 -8
  177. data/data/ruby-advisory-db/gems/cocaine/CVE-2013-4457.yml +0 -15
  178. data/data/ruby-advisory-db/gems/codders-dataset/CVE-2014-4991.yml +0 -8
  179. data/data/ruby-advisory-db/gems/coin_base/CVE-2019-15224.yml +0 -18
  180. data/data/ruby-advisory-db/gems/colorscore/CVE-2015-7541.yml +0 -21
  181. data/data/ruby-advisory-db/gems/coming-soon/CVE-2019-15224.yml +0 -18
  182. data/data/ruby-advisory-db/gems/command_wrap/CVE-2013-1875.yml +0 -9
  183. data/data/ruby-advisory-db/gems/consul/CVE-2019-16377.yml +0 -15
  184. data/data/ruby-advisory-db/gems/crack/CVE-2013-1800.yml +0 -17
  185. data/data/ruby-advisory-db/gems/cremefraiche/CVE-2013-2090.yml +0 -11
  186. data/data/ruby-advisory-db/gems/cron_parser/CVE-2019-15224.yml +0 -20
  187. data/data/ruby-advisory-db/gems/curb/OSVDB-114600.yml +0 -12
  188. data/data/ruby-advisory-db/gems/curl/CVE-2013-2617.yml +0 -13
  189. data/data/ruby-advisory-db/gems/datagrid/CVE-2019-14281.yml +0 -14
  190. data/data/ruby-advisory-db/gems/delayed_job_web/CVE-2017-12097.yml +0 -17
  191. data/data/ruby-advisory-db/gems/devise-two-factor/CVE-2015-7225.yml +0 -22
  192. data/data/ruby-advisory-db/gems/devise/CVE-2013-0233.yml +0 -20
  193. data/data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml +0 -14
  194. data/data/ruby-advisory-db/gems/devise/CVE-2019-16109.yml +0 -13
  195. data/data/ruby-advisory-db/gems/devise/CVE-2019-5421.yml +0 -16
  196. data/data/ruby-advisory-db/gems/devise/OSVDB-114435.yml +0 -17
  197. data/data/ruby-advisory-db/gems/doge-coin/CVE-2019-15224.yml +0 -19
  198. data/data/ruby-advisory-db/gems/doorkeeper-openid_connect/CVE-2019-9837.yml +0 -16
  199. data/data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml +0 -26
  200. data/data/ruby-advisory-db/gems/doorkeeper/CVE-2016-6582.yml +0 -43
  201. data/data/ruby-advisory-db/gems/doorkeeper/CVE-2018-1000088.yml +0 -39
  202. data/data/ruby-advisory-db/gems/doorkeeper/CVE-2018-1000211.yml +0 -39
  203. data/data/ruby-advisory-db/gems/doorkeeper/CVE-2020-10187.yml +0 -34
  204. data/data/ruby-advisory-db/gems/doorkeeper/OSVDB-118830.yml +0 -17
  205. data/data/ruby-advisory-db/gems/dragonfly/CVE-2013-1756.yml +0 -16
  206. data/data/ruby-advisory-db/gems/dragonfly/CVE-2013-5671.yml +0 -14
  207. data/data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml +0 -13
  208. data/data/ruby-advisory-db/gems/dragonfly/OSVDB-97854.yml +0 -12
  209. data/data/ruby-advisory-db/gems/easymon/CVE-2018-1000855.yml +0 -16
  210. data/data/ruby-advisory-db/gems/echor/CVE-2014-1834.yml +0 -12
  211. data/data/ruby-advisory-db/gems/echor/CVE-2014-1835.yml +0 -11
  212. data/data/ruby-advisory-db/gems/ember-source/CVE-2013-4170.yml +0 -25
  213. data/data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml +0 -33
  214. data/data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml +0 -30
  215. data/data/ruby-advisory-db/gems/ember-source/CVE-2014-0046.yml +0 -26
  216. data/data/ruby-advisory-db/gems/ember-source/CVE-2015-1866.yml +0 -26
  217. data/data/ruby-advisory-db/gems/ember-source/CVE-2015-7565.yml +0 -30
  218. data/data/ruby-advisory-db/gems/enum_column3/OSVDB-94679.yml +0 -9
  219. data/data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml +0 -15
  220. data/data/ruby-advisory-db/gems/excon/CVE-2019-16779.yml +0 -23
  221. data/data/ruby-advisory-db/gems/extlib/CVE-2013-1802.yml +0 -18
  222. data/data/ruby-advisory-db/gems/fastreader/CVE-2013-2615.yml +0 -13
  223. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7222.yml +0 -17
  224. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7223.yml +0 -19
  225. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7224.yml +0 -17
  226. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7225.yml +0 -19
  227. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7249.yml +0 -16
  228. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2014-5441.yml +0 -19
  229. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2015-1585.yml +0 -17
  230. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2018-1000842.yml +0 -23
  231. data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2018-20975.yml +0 -12
  232. data/data/ruby-advisory-db/gems/faye/CVE-2020-11020.yml +0 -91
  233. data/data/ruby-advisory-db/gems/features/CVE-2013-4318.yml +0 -8
  234. data/data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml +0 -12
  235. data/data/ruby-advisory-db/gems/ffi/CVE-2018-1000201.yml +0 -22
  236. data/data/ruby-advisory-db/gems/field_test/CVE-2019-13146.yml +0 -20
  237. data/data/ruby-advisory-db/gems/fileutils/CVE-2013-2516.yml +0 -11
  238. data/data/ruby-advisory-db/gems/fileutils/OSVDB-90715.yml +0 -7
  239. data/data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml +0 -7
  240. data/data/ruby-advisory-db/gems/fileutils/OSVDB-90718.yml +0 -7
  241. data/data/ruby-advisory-db/gems/flash_tool/CVE-2013-2513.yml +0 -8
  242. data/data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml +0 -14
  243. data/data/ruby-advisory-db/gems/flukso4r/OSVDB-101577.yml +0 -7
  244. data/data/ruby-advisory-db/gems/fog-dragonfly/CVE-2013-1756.yml +0 -18
  245. data/data/ruby-advisory-db/gems/fog-dragonfly/CVE-2013-5671.yml +0 -16
  246. data/data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml +0 -15
  247. data/data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-97854.yml +0 -12
  248. data/data/ruby-advisory-db/gems/ftpd/CVE-2013-2512.yml +0 -18
  249. data/data/ruby-advisory-db/gems/geminabox/CVE-2017-16792.yml +0 -21
  250. data/data/ruby-advisory-db/gems/gemirro/CVE-2017-16833.yml +0 -22
  251. data/data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8968.yml +0 -21
  252. data/data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8969.yml +0 -13
  253. data/data/ruby-advisory-db/gems/gitlab-grit/CVE-2013-4489.yml +0 -14
  254. data/data/ruby-advisory-db/gems/gnms/OSVDB-108594.yml +0 -7
  255. data/data/ruby-advisory-db/gems/gollum-grit_adapter/CVE-2014-9489.yml +0 -23
  256. data/data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml +0 -13
  257. data/data/ruby-advisory-db/gems/grape/CVE-2018-3769.yml +0 -20
  258. data/data/ruby-advisory-db/gems/gtk2/CVE-2007-6183.yml +0 -20
  259. data/data/ruby-advisory-db/gems/gyazo/CVE-2014-4994.yml +0 -10
  260. data/data/ruby-advisory-db/gems/haml/CVE-2017-1002201.yml +0 -19
  261. data/data/ruby-advisory-db/gems/handlebars-source/OSVDB-131671.yml +0 -17
  262. data/data/ruby-advisory-db/gems/http/CVE-2015-1828.yml +0 -14
  263. data/data/ruby-advisory-db/gems/httparty/CVE-2013-1801.yml +0 -14
  264. data/data/ruby-advisory-db/gems/i18n/CVE-2014-10077.yml +0 -18
  265. data/data/ruby-advisory-db/gems/i18n/OSVDB-100528.yml +0 -17
  266. data/data/ruby-advisory-db/gems/iodine/GHSA-85rf-xh54-whp3.yml +0 -21
  267. data/data/ruby-advisory-db/gems/jekyll/CVE-2018-17567.yml +0 -14
  268. data/data/ruby-advisory-db/gems/jquery-rails/CVE-2015-1840.yml +0 -36
  269. data/data/ruby-advisory-db/gems/jquery-rails/CVE-2019-11358.yml +0 -24
  270. data/data/ruby-advisory-db/gems/jquery-ui-rails/CVE-2016-7103.yml +0 -23
  271. data/data/ruby-advisory-db/gems/jquery-ujs/CVE-2015-1840.yml +0 -35
  272. data/data/ruby-advisory-db/gems/jruby-openssl/CVE-2009-4123.yml +0 -16
  273. data/data/ruby-advisory-db/gems/jruby-sandbox/OSVDB-106279.yml +0 -12
  274. data/data/ruby-advisory-db/gems/json-jwt/CVE-2018-1000539.yml +0 -21
  275. data/data/ruby-advisory-db/gems/json-jwt/CVE-2019-18848.yml +0 -15
  276. data/data/ruby-advisory-db/gems/json/CVE-2013-0269.yml +0 -20
  277. data/data/ruby-advisory-db/gems/json/CVE-2020-10663.yml +0 -35
  278. data/data/ruby-advisory-db/gems/json/OSVDB-101157.yml +0 -14
  279. data/data/ruby-advisory-db/gems/kafo/CVE-2014-0135.yml +0 -15
  280. data/data/ruby-advisory-db/gems/kajam/CVE-2014-4999.yml +0 -12
  281. data/data/ruby-advisory-db/gems/kajam/OSVDB-108530.yml +0 -11
  282. data/data/ruby-advisory-db/gems/kaminari/CVE-2020-11082.yml +0 -34
  283. data/data/ruby-advisory-db/gems/karo/OSVDB-108573.yml +0 -10
  284. data/data/ruby-advisory-db/gems/karteek-docsplit/CVE-2013-1933.yml +0 -9
  285. data/data/ruby-advisory-db/gems/kcapifony/CVE-2014-5001.yml +0 -8
  286. data/data/ruby-advisory-db/gems/kcapifony/OSVDB-108572.yml +0 -7
  287. data/data/ruby-advisory-db/gems/kelredd-pruview/CVE-2013-1947.yml +0 -9
  288. data/data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml +0 -12
  289. data/data/ruby-advisory-db/gems/lawn-login/CVE-2014-5000.yml +0 -8
  290. data/data/ruby-advisory-db/gems/ldap_fluff/CVE-2012-5604.yml +0 -15
  291. data/data/ruby-advisory-db/gems/ldoce/CVE-2013-1911.yml +0 -9
  292. data/data/ruby-advisory-db/gems/lean-ruport/CVE-2014-4998.yml +0 -8
  293. data/data/ruby-advisory-db/gems/lingq/OSVDB-108585.yml +0 -7
  294. data/data/ruby-advisory-db/gems/lita_coin/CVE-2019-15224.yml +0 -18
  295. data/data/ruby-advisory-db/gems/loofah/CVE-2018-16468.yml +0 -16
  296. data/data/ruby-advisory-db/gems/loofah/CVE-2018-8048.yml +0 -11
  297. data/data/ruby-advisory-db/gems/loofah/CVE-2019-15587.yml +0 -13
  298. data/data/ruby-advisory-db/gems/loofah/OSVDB-90945.yml +0 -21
  299. data/data/ruby-advisory-db/gems/lynx/CVE-2014-5002.yml +0 -11
  300. data/data/ruby-advisory-db/gems/lynx/OSVDB-108579.yml +0 -7
  301. data/data/ruby-advisory-db/gems/mail/CVE-2011-0739.yml +0 -21
  302. data/data/ruby-advisory-db/gems/mail/CVE-2012-2139.yml +0 -14
  303. data/data/ruby-advisory-db/gems/mail/CVE-2012-2140.yml +0 -16
  304. data/data/ruby-advisory-db/gems/mail/CVE-2015-9097.yml +0 -26
  305. data/data/ruby-advisory-db/gems/mapbox-rails/OSVDB-129854.yml +0 -25
  306. data/data/ruby-advisory-db/gems/mapbox-rails/OSVDB-132871.yml +0 -26
  307. data/data/ruby-advisory-db/gems/marginalia/CVE-2019-1010191.yml +0 -17
  308. data/data/ruby-advisory-db/gems/matestack-ui-core/CVE-2020-5241.yml +0 -18
  309. data/data/ruby-advisory-db/gems/md2pdf/CVE-2013-1948.yml +0 -9
  310. data/data/ruby-advisory-db/gems/mini_magick/CVE-2013-2616.yml +0 -15
  311. data/data/ruby-advisory-db/gems/mini_magick/CVE-2019-13574.yml +0 -14
  312. data/data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml +0 -20
  313. data/data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml +0 -17
  314. data/data/ruby-advisory-db/gems/multi_xml/CVE-2013-0175.yml +0 -16
  315. data/data/ruby-advisory-db/gems/mustache-js-rails/OSVDB-131671.yml +0 -17
  316. data/data/ruby-advisory-db/gems/mysql-binuuid-rails/CVE-2018-18476.yml +0 -21
  317. data/data/ruby-advisory-db/gems/net-ldap/CVE-2014-0083.yml +0 -14
  318. data/data/ruby-advisory-db/gems/net-ldap/CVE-2017-17718.yml +0 -17
  319. data/data/ruby-advisory-db/gems/netaddr/CVE-2019-17383.yml +0 -13
  320. data/data/ruby-advisory-db/gems/newrelic_rpm/CVE-2013-0284.yml +0 -17
  321. data/data/ruby-advisory-db/gems/nokogiri/CVE-2012-6685.yml +0 -15
  322. data/data/ruby-advisory-db/gems/nokogiri/CVE-2013-6460.yml +0 -18
  323. data/data/ruby-advisory-db/gems/nokogiri/CVE-2013-6461.yml +0 -15
  324. data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-1819.yml +0 -52
  325. data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-5312.yml +0 -92
  326. data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-7499.yml +0 -37
  327. data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml +0 -42
  328. data/data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml +0 -33
  329. data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-15412.yml +0 -23
  330. data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-16932.yml +0 -21
  331. data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-5029.yml +0 -44
  332. data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-9050.yml +0 -60
  333. data/data/ruby-advisory-db/gems/nokogiri/CVE-2018-14404.yml +0 -69
  334. data/data/ruby-advisory-db/gems/nokogiri/CVE-2018-8048.yml +0 -36
  335. data/data/ruby-advisory-db/gems/nokogiri/CVE-2019-11068.yml +0 -49
  336. data/data/ruby-advisory-db/gems/nokogiri/CVE-2019-13117.yml +0 -80
  337. data/data/ruby-advisory-db/gems/nokogiri/CVE-2019-5477.yml +0 -31
  338. data/data/ruby-advisory-db/gems/nokogiri/CVE-2020-7595.yml +0 -20
  339. data/data/ruby-advisory-db/gems/nokogiri/OSVDB-118481.yml +0 -15
  340. data/data/ruby-advisory-db/gems/nori/CVE-2013-0285.yml +0 -19
  341. data/data/ruby-advisory-db/gems/omniauth-facebook/CVE-2013-4562.yml +0 -22
  342. data/data/ruby-advisory-db/gems/omniauth-facebook/CVE-2013-4593.yml +0 -17
  343. data/data/ruby-advisory-db/gems/omniauth-oauth2/CVE-2012-6134.yml +0 -16
  344. data/data/ruby-advisory-db/gems/omniauth-saml/CVE-2017-11430.yml +0 -17
  345. data/data/ruby-advisory-db/gems/omniauth/CVE-2015-9284.yml +0 -25
  346. data/data/ruby-advisory-db/gems/omniauth/CVE-2017-18076.yml +0 -18
  347. data/data/ruby-advisory-db/gems/omniauth_amazon/CVE-2019-15224.yml +0 -19
  348. data/data/ruby-advisory-db/gems/open-uri-cached/OSVDB-121701.yml +0 -13
  349. data/data/ruby-advisory-db/gems/openssl/CVE-2016-7798.yml +0 -16
  350. data/data/ruby-advisory-db/gems/ox/CVE-2017-15928.yml +0 -16
  351. data/data/ruby-advisory-db/gems/ox/CVE-2017-16229.yml +0 -16
  352. data/data/ruby-advisory-db/gems/padrino-contrib/CVE-2019-16145.yml +0 -11
  353. data/data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml +0 -16
  354. data/data/ruby-advisory-db/gems/paperclip/CVE-2017-0889.yml +0 -23
  355. data/data/ruby-advisory-db/gems/paperclip/OSVDB-103151.yml +0 -13
  356. data/data/ruby-advisory-db/gems/paranoid2/CVE-2019-13589.yml +0 -16
  357. data/data/ruby-advisory-db/gems/paratrooper-newrelic/CVE-2014-1234.yml +0 -13
  358. data/data/ruby-advisory-db/gems/paratrooper-pingdom/CVE-2014-1233.yml +0 -13
  359. data/data/ruby-advisory-db/gems/passenger/CVE-2013-2119.yml +0 -15
  360. data/data/ruby-advisory-db/gems/passenger/CVE-2013-4136.yml +0 -14
  361. data/data/ruby-advisory-db/gems/passenger/CVE-2014-1831.yml +0 -13
  362. data/data/ruby-advisory-db/gems/passenger/CVE-2014-1832.yml +0 -13
  363. data/data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml +0 -17
  364. data/data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml +0 -17
  365. data/data/ruby-advisory-db/gems/passenger/OSVDB-90738.yml +0 -16
  366. data/data/ruby-advisory-db/gems/pdfkit/CVE-2013-1607.yml +0 -11
  367. data/data/ruby-advisory-db/gems/point-cli/CVE-2014-4997.yml +0 -8
  368. data/data/ruby-advisory-db/gems/private_address_check/CVE-2017-0904.yml +0 -17
  369. data/data/ruby-advisory-db/gems/private_address_check/CVE-2017-0909.yml +0 -15
  370. data/data/ruby-advisory-db/gems/private_address_check/CVE-2018-3759.yml +0 -14
  371. data/data/ruby-advisory-db/gems/puma/CVE-2019-16770.yml +0 -21
  372. data/data/ruby-advisory-db/gems/puma/CVE-2020-11076.yml +0 -22
  373. data/data/ruby-advisory-db/gems/puma/CVE-2020-11077.yml +0 -31
  374. data/data/ruby-advisory-db/gems/puma/CVE-2020-5247.yml +0 -25
  375. data/data/ruby-advisory-db/gems/puma/CVE-2020-5249.yml +0 -36
  376. data/data/ruby-advisory-db/gems/quick_magick/OSVDB-106954.yml +0 -7
  377. data/data/ruby-advisory-db/gems/rack-attack/OSVDB-132234.yml +0 -26
  378. data/data/ruby-advisory-db/gems/rack-cache/CVE-2012-2671.yml +0 -18
  379. data/data/ruby-advisory-db/gems/rack-cors/CVE-2017-11173.yml +0 -21
  380. data/data/ruby-advisory-db/gems/rack-cors/CVE-2019-18978.yml +0 -13
  381. data/data/ruby-advisory-db/gems/rack-mini-profiler/CVE-2016-4442.yml +0 -17
  382. data/data/ruby-advisory-db/gems/rack-protection/CVE-2018-1000119.yml +0 -18
  383. data/data/ruby-advisory-db/gems/rack-protection/CVE-2018-7212.yml +0 -12
  384. data/data/ruby-advisory-db/gems/rack-ssl/CVE-2014-2538.yml +0 -11
  385. data/data/ruby-advisory-db/gems/rack/CVE-2011-5036.yml +0 -21
  386. data/data/ruby-advisory-db/gems/rack/CVE-2012-6109.yml +0 -21
  387. data/data/ruby-advisory-db/gems/rack/CVE-2013-0183.yml +0 -19
  388. data/data/ruby-advisory-db/gems/rack/CVE-2013-0184.yml +0 -20
  389. data/data/ruby-advisory-db/gems/rack/CVE-2013-0262.yml +0 -18
  390. data/data/ruby-advisory-db/gems/rack/CVE-2013-0263.yml +0 -23
  391. data/data/ruby-advisory-db/gems/rack/CVE-2015-3225.yml +0 -18
  392. data/data/ruby-advisory-db/gems/rack/CVE-2018-16470.yml +0 -56
  393. data/data/ruby-advisory-db/gems/rack/CVE-2018-16471.yml +0 -80
  394. data/data/ruby-advisory-db/gems/rack/CVE-2019-16782.yml +0 -32
  395. data/data/ruby-advisory-db/gems/rack/CVE-2020-8161.yml +0 -32
  396. data/data/ruby-advisory-db/gems/radiant/CVE-2018-5216.yml +0 -12
  397. data/data/ruby-advisory-db/gems/radiant/CVE-2018-7261.yml +0 -13
  398. data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2015-7578.yml +0 -47
  399. data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2015-7579.yml +0 -75
  400. data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2015-7580.yml +0 -70
  401. data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2018-3741.yml +0 -20
  402. data/data/ruby-advisory-db/gems/rails_admin/CVE-2016-10522.yml +0 -21
  403. data/data/ruby-advisory-db/gems/rails_admin/CVE-2017-12098.yml +0 -22
  404. data/data/ruby-advisory-db/gems/railties/CVE-2019-5420.yml +0 -49
  405. data/data/ruby-advisory-db/gems/rake/CVE-2020-8130.yml +0 -18
  406. data/data/ruby-advisory-db/gems/rbovirt/CVE-2014-0036.yml +0 -20
  407. data/data/ruby-advisory-db/gems/rdoc/CVE-2013-0256.yml +0 -27
  408. data/data/ruby-advisory-db/gems/recurly/CVE-2017-0905.yml +0 -35
  409. data/data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml +0 -17
  410. data/data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml +0 -16
  411. data/data/ruby-advisory-db/gems/redis-namespace/OSVDB-96425.yml +0 -15
  412. data/data/ruby-advisory-db/gems/redis-store/CVE-2017-1000248.yml +0 -17
  413. data/data/ruby-advisory-db/gems/refile/OSVDB-120857.yml +0 -16
  414. data/data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml +0 -23
  415. data/data/ruby-advisory-db/gems/rest-client/CVE-2015-3448.yml +0 -15
  416. data/data/ruby-advisory-db/gems/rest-client/CVE-2019-15224.yml +0 -13
  417. data/data/ruby-advisory-db/gems/restforce/CVE-2018-3777.yml +0 -36
  418. data/data/ruby-advisory-db/gems/rexical/CVE-2019-5477.yml +0 -21
  419. data/data/ruby-advisory-db/gems/rgpg/CVE-2013-4203.yml +0 -15
  420. data/data/ruby-advisory-db/gems/rubocop/CVE-2017-8418.yml +0 -20
  421. data/data/ruby-advisory-db/gems/ruby-openid/CVE-2019-11027.yml +0 -16
  422. data/data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml +0 -20
  423. data/data/ruby-advisory-db/gems/ruby-saml/CVE-2017-11428.yml +0 -27
  424. data/data/ruby-advisory-db/gems/ruby-saml/OSVDB-117903.yml +0 -13
  425. data/data/ruby-advisory-db/gems/ruby-saml/OSVDB-124383.yml +0 -11
  426. data/data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml +0 -13
  427. data/data/ruby-advisory-db/gems/ruby_parser-legacy/CVE-2019-18409.yml +0 -16
  428. data/data/ruby-advisory-db/gems/ruby_parser/CVE-2013-0162.yml +0 -11
  429. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2007-0469.yml +0 -18
  430. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2012-2125.yml +0 -17
  431. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2012-2126.yml +0 -15
  432. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2013-4287.yml +0 -20
  433. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2013-4363.yml +0 -21
  434. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2015-3900.yml +0 -20
  435. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2015-4020.yml +0 -20
  436. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0899.yml +0 -16
  437. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0900.yml +0 -16
  438. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0901.yml +0 -16
  439. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0902.yml +0 -16
  440. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0903.yml +0 -17
  441. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8320.yml +0 -21
  442. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8321.yml +0 -16
  443. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8322.yml +0 -16
  444. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8323.yml +0 -17
  445. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8324.yml +0 -18
  446. data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8325.yml +0 -16
  447. data/data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml +0 -17
  448. data/data/ruby-advisory-db/gems/rubyzip/CVE-2018-1000544.yml +0 -19
  449. data/data/ruby-advisory-db/gems/rubyzip/CVE-2019-16892.yml +0 -13
  450. data/data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml +0 -13
  451. data/data/ruby-advisory-db/gems/safemode/CVE-2017-7540.yml +0 -16
  452. data/data/ruby-advisory-db/gems/samlr/CVE-2018-20857.yml +0 -16
  453. data/data/ruby-advisory-db/gems/sanitize/CVE-2018-3740.yml +0 -22
  454. data/data/ruby-advisory-db/gems/screen_capture/OSVDB-107783.yml +0 -7
  455. data/data/ruby-advisory-db/gems/secure_headers/CVE-2020-5216.yml +0 -52
  456. data/data/ruby-advisory-db/gems/secure_headers/CVE-2020-5217.yml +0 -42
  457. data/data/ruby-advisory-db/gems/sentry-raven/CVE-2014-9490.yml +0 -14
  458. data/data/ruby-advisory-db/gems/sfpagent/CVE-2014-2888.yml +0 -15
  459. data/data/ruby-advisory-db/gems/show_in_browser/CVE-2013-2105.yml +0 -8
  460. data/data/ruby-advisory-db/gems/sidekiq-pro/OSVDB-126329.yml +0 -12
  461. data/data/ruby-advisory-db/gems/sidekiq-pro/OSVDB-126330.yml +0 -10
  462. data/data/ruby-advisory-db/gems/sidekiq-pro/OSVDB-126331.yml +0 -14
  463. data/data/ruby-advisory-db/gems/sidekiq/OSVDB-125675.yml +0 -9
  464. data/data/ruby-advisory-db/gems/sidekiq/OSVDB-125676.yml +0 -14
  465. data/data/ruby-advisory-db/gems/sidekiq/OSVDB-125678.yml +0 -9
  466. data/data/ruby-advisory-db/gems/simple_captcha2/CVE-2019-14282.yml +0 -13
  467. data/data/ruby-advisory-db/gems/simple_form/CVE-2019-16676.yml +0 -15
  468. data/data/ruby-advisory-db/gems/sinatra/CVE-2018-11627.yml +0 -16
  469. data/data/ruby-advisory-db/gems/sinatra/CVE-2018-7212.yml +0 -19
  470. data/data/ruby-advisory-db/gems/slanger/CVE-2019-1010306.yml +0 -16
  471. data/data/ruby-advisory-db/gems/smart_proxy_dynflow/CVE-2018-14643.yml +0 -18
  472. data/data/ruby-advisory-db/gems/sorcery/CVE-2020-11052.yml +0 -27
  473. data/data/ruby-advisory-db/gems/sounder/CVE-2013-5647.yml +0 -14
  474. data/data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml +0 -16
  475. data/data/ruby-advisory-db/gems/spree/OSVDB-119205.yml +0 -18
  476. data/data/ruby-advisory-db/gems/spree/OSVDB-125699.yml +0 -18
  477. data/data/ruby-advisory-db/gems/spree/OSVDB-125701.yml +0 -17
  478. data/data/ruby-advisory-db/gems/spree/OSVDB-125712.yml +0 -16
  479. data/data/ruby-advisory-db/gems/spree/OSVDB-125713.yml +0 -15
  480. data/data/ruby-advisory-db/gems/spree/OSVDB-69098.yml +0 -19
  481. data/data/ruby-advisory-db/gems/spree/OSVDB-73751.yml +0 -11
  482. data/data/ruby-advisory-db/gems/spree/OSVDB-76011.yml +0 -15
  483. data/data/ruby-advisory-db/gems/spree/OSVDB-81505.yml +0 -14
  484. data/data/ruby-advisory-db/gems/spree/OSVDB-81506.yml +0 -16
  485. data/data/ruby-advisory-db/gems/spree/OSVDB-90865.yml +0 -20
  486. data/data/ruby-advisory-db/gems/spree/OSVDB-91216.yml +0 -17
  487. data/data/ruby-advisory-db/gems/spree/OSVDB-91217.yml +0 -17
  488. data/data/ruby-advisory-db/gems/spree/OSVDB-91218.yml +0 -17
  489. data/data/ruby-advisory-db/gems/spree/OSVDB-91219.yml +0 -17
  490. data/data/ruby-advisory-db/gems/spree_auth/OSVDB-90865.yml +0 -16
  491. data/data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml +0 -20
  492. data/data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml +0 -27
  493. data/data/ruby-advisory-db/gems/sprockets/CVE-2018-3760.yml +0 -23
  494. data/data/ruby-advisory-db/gems/sprout/CVE-2013-6421.yml +0 -16
  495. data/data/ruby-advisory-db/gems/strong_password/CVE-2019-13354.yml +0 -19
  496. data/data/ruby-advisory-db/gems/sup/CVE-2013-4478.yml +0 -14
  497. data/data/ruby-advisory-db/gems/sup/CVE-2013-4479.yml +0 -14
  498. data/data/ruby-advisory-db/gems/thumbshooter/CVE-2013-1898.yml +0 -9
  499. data/data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml +0 -22
  500. data/data/ruby-advisory-db/gems/uglifier/OSVDB-126747.yml +0 -19
  501. data/data/ruby-advisory-db/gems/user_agent_parser/CVE-2020-5243.yml +0 -28
  502. data/data/ruby-advisory-db/gems/web-console/CVE-2015-3224.yml +0 -22
  503. data/data/ruby-advisory-db/gems/web-console/OSVDB-112346.yml +0 -12
  504. data/data/ruby-advisory-db/gems/webbynode/CVE-2013-7086.yml +0 -12
  505. data/data/ruby-advisory-db/gems/websocket-extensions/CVE-2020-7663.yml +0 -35
  506. data/data/ruby-advisory-db/gems/wicked/CVE-2013-4413.yml +0 -14
  507. data/data/ruby-advisory-db/gems/will_paginate/CVE-2013-6459.yml +0 -15
  508. data/data/ruby-advisory-db/gems/xaviershay-dm-rails/CVE-2015-2179.yml +0 -13
  509. data/data/ruby-advisory-db/gems/yajl-ruby/CVE-2017-16516.yml +0 -19
  510. data/data/ruby-advisory-db/gems/yard/CVE-2017-17042.yml +0 -16
  511. data/data/ruby-advisory-db/gems/yard/CVE-2019-1020001.yml +0 -17
  512. data/data/ruby-advisory-db/gems/yard/GHSA-xfhh-rx56-rxcr.yml +0 -12
  513. data/data/ruby-advisory-db/lib/cf_scrape.py +0 -5
  514. data/data/ruby-advisory-db/lib/github_advisory_sync.rb +0 -296
  515. data/data/ruby-advisory-db/libraries/rubygems +0 -1
  516. data/data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml +0 -17
  517. data/data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml +0 -15
  518. data/data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml +0 -17
  519. data/data/ruby-advisory-db/rubies/jruby/OSVDB-94644.yml +0 -12
  520. data/data/ruby-advisory-db/rubies/rbx/CVE-2012-5372.yml +0 -17
  521. data/data/ruby-advisory-db/rubies/rbx/OSVDB-78119.yml +0 -13
  522. data/data/ruby-advisory-db/rubies/ruby/CVE-2007-5162.yml +0 -16
  523. data/data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml +0 -17
  524. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-1447.yml +0 -15
  525. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-1891.yml +0 -21
  526. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml +0 -18
  527. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2662.yml +0 -22
  528. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2663.yml +0 -21
  529. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2664.yml +0 -21
  530. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2725.yml +0 -22
  531. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2726.yml +0 -18
  532. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3443.yml +0 -17
  533. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml +0 -18
  534. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml +0 -19
  535. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3657.yml +0 -16
  536. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3790.yml +0 -16
  537. data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml +0 -17
  538. data/data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml +0 -17
  539. data/data/ruby-advisory-db/rubies/ruby/CVE-2009-1904.yml +0 -17
  540. data/data/ruby-advisory-db/rubies/ruby/CVE-2009-4124.yml +0 -17
  541. data/data/ruby-advisory-db/rubies/ruby/CVE-2009-4492.yml +0 -20
  542. data/data/ruby-advisory-db/rubies/ruby/CVE-2009-5147.yml +0 -13
  543. data/data/ruby-advisory-db/rubies/ruby/CVE-2010-0541.yml +0 -17
  544. data/data/ruby-advisory-db/rubies/ruby/CVE-2010-2489.yml +0 -17
  545. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml +0 -17
  546. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-1004.yml +0 -20
  547. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-1005.yml +0 -15
  548. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-2686.yml +0 -17
  549. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-2705.yml +0 -16
  550. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-3009.yml +0 -17
  551. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-3389.yml +0 -18
  552. data/data/ruby-advisory-db/rubies/ruby/CVE-2011-4815.yml +0 -14
  553. data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml +0 -17
  554. data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml +0 -16
  555. data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml +0 -15
  556. data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4522.yml +0 -16
  557. data/data/ruby-advisory-db/rubies/ruby/CVE-2012-5371.yml +0 -18
  558. data/data/ruby-advisory-db/rubies/ruby/CVE-2013-1821.yml +0 -16
  559. data/data/ruby-advisory-db/rubies/ruby/CVE-2013-2065.yml +0 -19
  560. data/data/ruby-advisory-db/rubies/ruby/CVE-2013-4073.yml +0 -21
  561. data/data/ruby-advisory-db/rubies/ruby/CVE-2013-4164.yml +0 -17
  562. data/data/ruby-advisory-db/rubies/ruby/CVE-2014-2525.yml +0 -20
  563. data/data/ruby-advisory-db/rubies/ruby/CVE-2014-3916.yml +0 -16
  564. data/data/ruby-advisory-db/rubies/ruby/CVE-2014-4975.yml +0 -17
  565. data/data/ruby-advisory-db/rubies/ruby/CVE-2014-8080.yml +0 -19
  566. data/data/ruby-advisory-db/rubies/ruby/CVE-2014-8090.yml +0 -22
  567. data/data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml +0 -17
  568. data/data/ruby-advisory-db/rubies/ruby/CVE-2015-7551.yml +0 -19
  569. data/data/ruby-advisory-db/rubies/ruby/CVE-2015-9096.yml +0 -20
  570. data/data/ruby-advisory-db/rubies/ruby/CVE-2017-0898.yml +0 -19
  571. data/data/ruby-advisory-db/rubies/ruby/CVE-2017-10784.yml +0 -25
  572. data/data/ruby-advisory-db/rubies/ruby/CVE-2017-14033.yml +0 -22
  573. data/data/ruby-advisory-db/rubies/ruby/CVE-2017-14064.yml +0 -20
  574. data/data/ruby-advisory-db/rubies/ruby/CVE-2017-17405.yml +0 -22
  575. data/data/ruby-advisory-db/rubies/ruby/CVE-2017-17742.yml +0 -22
  576. data/data/ruby-advisory-db/rubies/ruby/CVE-2018-16395.yml +0 -36
  577. data/data/ruby-advisory-db/rubies/ruby/CVE-2018-16396.yml +0 -26
  578. data/data/ruby-advisory-db/rubies/ruby/CVE-2018-6914.yml +0 -27
  579. data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8777.yml +0 -21
  580. data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8778.yml +0 -20
  581. data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8779.yml +0 -28
  582. data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8780.yml +0 -22
  583. data/data/ruby-advisory-db/rubies/ruby/CVE-2019-15845.yml +0 -18
  584. data/data/ruby-advisory-db/rubies/ruby/CVE-2019-16201.yml +0 -15
  585. data/data/ruby-advisory-db/rubies/ruby/CVE-2019-16254.yml +0 -19
  586. data/data/ruby-advisory-db/rubies/ruby/CVE-2019-16255.yml +0 -20
  587. data/data/ruby-advisory-db/rubies/ruby/CVE-2020-10663.yml +0 -29
  588. data/data/ruby-advisory-db/rubies/ruby/CVE-2020-10933.yml +0 -25
  589. data/data/ruby-advisory-db/scripts/post-advisories.sh +0 -18
  590. data/data/ruby-advisory-db/spec/advisories_spec.rb +0 -23
  591. data/data/ruby-advisory-db/spec/advisory_example.rb +0 -228
  592. data/data/ruby-advisory-db/spec/gem_example.rb +0 -44
  593. data/data/ruby-advisory-db/spec/library_example.rb +0 -21
  594. data/data/ruby-advisory-db/spec/ruby_example.rb +0 -29
  595. data/data/ruby-advisory-db/spec/schemas/gem.yml +0 -71
  596. data/data/ruby-advisory-db/spec/schemas/ruby.yml +0 -36
  597. data/data/ruby-advisory-db/spec/spec_helper.rb +0 -2
@@ -1,26 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2012-1099
5
- osvdb: 79727
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2012-1099
7
- title:
8
- Ruby on Rails actionpack/lib/action_view/helpers/form_options_helper.rb
9
- Manually Generated Select Tag Options XSS
10
- date: 2012-03-01
11
-
12
- description: |
13
- Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
14
- attack. This flaw exists because the application does not validate manually
15
- generated 'select tag options' upon submission to
16
- actionpack/lib/action_view/helpers/form_options_helper.rb. This may allow a
17
- user to create a specially crafted request that would execute arbitrary
18
- script code in a user's browser within the trust relationship between their
19
- browser and the server.
20
-
21
- cvss_v2: 4.3
22
-
23
- patched_versions:
24
- - ~> 3.0.12
25
- - ~> 3.1.4
26
- - ">= 3.2.2"
@@ -1,28 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2012-3424
5
- osvdb: 84243
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2012-3424
7
- title:
8
- Ruby on Rails actionpack/lib/action_controller/metal/http_authentication.rb
9
- with_http_digest Helper Method Remote DoS
10
- date: 2012-07-26
11
-
12
- description: |
13
- Ruby on Rails contains a flaw that may allow a remote denial of service.
14
- The issue is triggered when an error occurs in
15
- actionpack/lib/action_controller/metal/http_authentication.rb when the
16
- with_http_digest helper method is being used. This may allow a remote
17
- attacker to cause a loss of availability for the program.
18
-
19
- cvss_v2: 5.0
20
-
21
- unaffected_versions:
22
- - ">= 2.3.5, <= 2.3.14"
23
-
24
- patched_versions:
25
- - ~> 3.0.16
26
- - ~> 3.1.7
27
- - ">= 3.2.7"
28
-
@@ -1,26 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2012-3463
5
- osvdb: 84515
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2012-3463
7
- title: Ruby on Rails select_tag Helper Method prompt Value XSS
8
- date: 2012-08-09
9
-
10
- description: |
11
- Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
12
- attack. This flaw exists because input passed via the prompt value is not
13
- properly sanitized by the select_tag helper method before returning it to
14
- the user. This may allow a user to create a specially crafted request that
15
- would execute arbitrary script code in a user's browser within the trust
16
- relationship between their browser and the server.
17
-
18
- cvss_v2: 4.3
19
-
20
- unaffected_versions:
21
- - ~> 2.3.0
22
-
23
- patched_versions:
24
- - ~> 3.0.17
25
- - ~> 3.1.8
26
- - ">= 3.2.8"
@@ -1,23 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2012-3465
5
- osvdb: 84513
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2012-3465
7
- title: Ruby on Rails strip_tags Helper Method XSS
8
- date: 2012-08-09
9
-
10
- description: |
11
- Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
12
- attack. This flaw exists because the application does not validate input
13
- passed via the 'strip_tags' helper method before returning it to the user.
14
- This may allow a user to create a specially crafted request that would
15
- execute arbitrary script code in a user's browser within the trust
16
- relationship between their browser and the server.
17
-
18
- cvss_v2: 4.3
19
-
20
- patched_versions:
21
- - ~> 3.0.17
22
- - ~> 3.1.8
23
- - ">= 3.2.8"
@@ -1,24 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2013-0156
5
- osvdb: 89026
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2013-0156
7
- title:
8
- Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing
9
- Remote Code Execution
10
- date: 2013-01-08
11
-
12
- description: |
13
- Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
14
- The issue is triggered when a type casting error occurs during the parsing
15
- of parameters. This may allow a remote attacker to potentially execute
16
- arbitrary code.
17
-
18
- cvss_v2: 10.0
19
-
20
- patched_versions:
21
- - ~> 2.3.15
22
- - ~> 3.0.19
23
- - ~> 3.1.10
24
- - ">= 3.2.11"
@@ -1,20 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2013-1855
5
- osvdb: 91452
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2013-1855
7
- title: XSS vulnerability in sanitize_css in Action Pack
8
- date: 2013-03-19
9
-
10
- description: |
11
- There is an XSS vulnerability in the `sanitize_css` method in Action
12
- Pack. Carefully crafted text can bypass the sanitization provided in
13
- the `sanitize_css` method in Action Pack
14
-
15
- cvss_v2: 4.3
16
-
17
- patched_versions:
18
- - ~> 2.3.18
19
- - ~> 3.1.12
20
- - ">= 3.2.13"
@@ -1,23 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2013-1857
5
- osvdb: 91454
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2013-1857
7
- title: XSS Vulnerability in the `sanitize` helper of Ruby on Rails
8
- date: 2013-03-19
9
-
10
- description: |
11
- The sanitize helper in Ruby on Rails is designed to
12
- filter HTML and remove all tags and attributes which could be
13
- malicious. The code which ensured that URLs only contain supported
14
- protocols contained several bugs which could allow an attacker to
15
- embed a tag containing a URL which executes arbitrary javascript
16
- code.
17
-
18
- cvss_v2: 4.3
19
-
20
- patched_versions:
21
- - ~> 2.3.18
22
- - ~> 3.1.12
23
- - ">= 3.2.13"
@@ -1,24 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2014-0081
5
- osvdb: 103439
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2014-0081
7
- title: XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human
8
- date: 2014-02-18
9
-
10
- description: |
11
- Ruby on Rails contains a flaw that allows a cross-site scripting (XSS) attack.
12
- This flaw exists because the actionpack/lib/action_view/helpers/number_helper.rb
13
- script does not validate input to the 'number_to_currency', 'number_to_percentage',
14
- and 'number_to_human' helpers before returning it to users. This may allow a
15
- remote attacker to create a specially crafted request that would execute arbitrary
16
- script code in a user's browser session within the trust relationship between
17
- their browser and the server.
18
-
19
- cvss_v2: 4.3
20
-
21
- patched_versions:
22
- - ~> 3.2.17
23
- - ~> 4.0.3
24
- - ">= 4.1.0.beta2"
@@ -1,22 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2014-0082
5
- osvdb: 103440
6
- url: https://nvd.nist.gov/vuln/detail/CVE-2014-0082
7
- title: Denial of Service Vulnerability in Action View when using render :text
8
- date: 2014-02-18
9
-
10
- description: |
11
- Ruby on Rails contains a flaw in actionpack/lib/action_view/template/text.rb
12
- in the text rendering component of Action View that is triggered when
13
- handling MIME types that are converted to symbols. This may allow a
14
- remote attacker to cause a denial of service.
15
-
16
- cvss_v2: 5.0
17
-
18
- unaffected_versions:
19
- - ">= 4.0.0"
20
-
21
- patched_versions:
22
- - ">= 3.2.17"
@@ -1,23 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2014-0130
5
- url: https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
6
- title: Directory Traversal Vulnerability With Certain Route Configurations
7
- date: 2014-05-06
8
-
9
- description: |
10
- There is a vulnerability in the 'implicit render'
11
- functionality in Ruby on Rails.The implicit render functionality
12
- allows controllers to render a template, even if there is no
13
- explicit action with the corresponding name. This module does not
14
- perform adequate input sanitization which could allow an attacker to
15
- use a specially crafted request to retrieve arbitrary files from the
16
- rails application server.
17
-
18
- cvss_v2: 4.3
19
-
20
- patched_versions:
21
- - ~> 3.2.18
22
- - ~> 4.0.5
23
- - ">= 4.1.1"
@@ -1,24 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2014-7818
5
- url: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
6
- title: Arbitrary file existence disclosure in Action Pack
7
- date: 2014-10-30
8
-
9
- description: |
10
- Specially crafted requests can be used to determine whether a file exists on
11
- the filesystem that is outside the Rails application's root directory. The
12
- files will not be served, but attackers can determine whether or not the file
13
- exists.
14
-
15
- cvss_v2: 4.3
16
-
17
- unaffected_versions:
18
- - "< 3.0.0"
19
-
20
- patched_versions:
21
- - ~> 3.2.20
22
- - ~> 4.0.11
23
- - ~> 4.1.7
24
- - ">= 4.2.0.beta3"
@@ -1,26 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2014-7829
5
- url: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
6
- title: Arbitrary file existence disclosure in Action Pack
7
- date: 2014-11-17
8
-
9
- description: |
10
- Specially crafted requests can be used to determine whether a file exists on
11
- the filesystem that is outside the Rails application's root directory. The
12
- files will not be served, but attackers can determine whether or not the file
13
- exists. This vulnerability is very similar to CVE-2014-7818, but the
14
- specially crafted string is slightly different.
15
-
16
- cvss_v2: 5.0
17
-
18
- unaffected_versions:
19
- - "< 3.0.0"
20
-
21
- patched_versions:
22
- - ~> 3.2.21
23
- - ~> 4.0.11.1
24
- - ~> 4.0.12
25
- - ~> 4.1.7.1
26
- - ">= 4.1.8"
@@ -1,119 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2015-7576
5
- date: 2016-01-25
6
- url: "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k"
7
-
8
- title: Timing attack vulnerability in basic authentication in Action Controller.
9
-
10
- description: |
11
- There is a timing attack vulnerability in the basic authentication support
12
- in Action Controller. This vulnerability has been assigned the CVE
13
- identifier CVE-2015-7576.
14
-
15
- Versions Affected: All.
16
- Not affected: None.
17
- Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1
18
-
19
- Impact
20
- ------
21
- Due to the way that Action Controller compares user names and passwords in
22
- basic authentication authorization code, it is possible for an attacker to
23
- analyze the time taken by a response and intuit the password.
24
-
25
- For example, this string comparison:
26
-
27
- "foo" == "bar"
28
-
29
- is possibly faster than this comparison:
30
-
31
- "foo" == "fo1"
32
-
33
- Attackers can use this information to attempt to guess the username and
34
- password used in the basic authentication system.
35
-
36
- You can tell you application is vulnerable to this attack by looking for
37
- `http_basic_authenticate_with` method calls in your application.
38
-
39
- All users running an affected release should either upgrade or use one of
40
- the workarounds immediately.
41
-
42
- Releases
43
- --------
44
- The FIXED releases are available at the normal locations.
45
-
46
- Workarounds
47
- -----------
48
- If you can't upgrade, please use the following monkey patch in an initializer
49
- that is loaded before your application:
50
-
51
- ```
52
- $ cat config/initializers/basic_auth_fix.rb
53
- module ActiveSupport
54
- module SecurityUtils
55
- def secure_compare(a, b)
56
- return false unless a.bytesize == b.bytesize
57
-
58
- l = a.unpack "C#{a.bytesize}"
59
-
60
- res = 0
61
- b.each_byte { |byte| res |= byte ^ l.shift }
62
- res == 0
63
- end
64
- module_function :secure_compare
65
-
66
- def variable_size_secure_compare(a, b)
67
- secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))
68
- end
69
- module_function :variable_size_secure_compare
70
- end
71
- end
72
-
73
- module ActionController
74
- class Base
75
- def self.http_basic_authenticate_with(options = {})
76
- before_action(options.except(:name, :password, :realm)) do
77
- authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
78
- # This comparison uses & so that it doesn't short circuit and
79
- # uses `variable_size_secure_compare` so that length information
80
- # isn't leaked.
81
- ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) &
82
- ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])
83
- end
84
- end
85
- end
86
- end
87
- end
88
- ```
89
-
90
-
91
- Patches
92
- -------
93
- To aid users who aren't able to upgrade immediately we have provided patches for
94
- the two supported release series. They are in git-am format and consist of a
95
- single changeset.
96
-
97
- * 4-1-basic_auth.patch - Patch for 4.1 series
98
- * 4-2-basic_auth.patch - Patch for 4.2 series
99
- * 5-0-basic_auth.patch - Patch for 5.0 series
100
-
101
- Please note that only the 4.1.x and 4.2.x series are supported at present. Users
102
- of earlier unsupported releases are advised to upgrade as soon as possible as we
103
- cannot guarantee the continued availability of security fixes for unsupported
104
- releases.
105
-
106
- Credits
107
- -------
108
-
109
- Thank you to Daniel Waterworth for reporting the problem and working with us to
110
- fix it.
111
-
112
- cvss_v2: 4.3
113
- cvss_v3: 3.7
114
-
115
- patched_versions:
116
- - ">= 5.0.0.beta1.1"
117
- - "~> 4.2.5, >= 4.2.5.1"
118
- - "~> 4.1.14, >= 4.1.14.1"
119
- - "~> 3.2.22.1"
@@ -1,55 +0,0 @@
1
- ---
2
- gem: actionpack
3
- framework: rails
4
- cve: 2015-7581
5
- date: 2016-01-25
6
- url: "https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE"
7
-
8
- title: Object leak vulnerability for wildcard controller routes in Action Pack
9
-
10
- description: |
11
- There is an object leak vulnerability for wildcard controllers in Action Pack.
12
- This vulnerability has been assigned the CVE identifier CVE-2015-7581.
13
-
14
- Versions Affected: >= 4.0.0 and < 5.0.0.beta1
15
- Not affected: < 4.0.0, 5.0.0.beta1 and newer
16
- Fixed Versions: 4.2.5.1, 4.1.14.1
17
-
18
- Impact
19
- ------
20
- Users that have a route that contains the string ":controller" are susceptible
21
- to objects being leaked globally which can lead to unbounded memory growth.
22
- To identify if your application is vulnerable, look for routes that contain
23
- ":controller".
24
-
25
- Internally, Action Pack keeps a map of "url controller name" to "controller
26
- class name". This map is cached globally, and is populated even if the
27
- controller class doesn't actually exist.
28
-
29
- All users running an affected release should either upgrade or use one of the
30
- workarounds immediately.
31
-
32
- Releases
33
- --------
34
- The FIXED releases are available at the normal locations.
35
-
36
- Workarounds
37
- -----------
38
- There are no feasible workarounds for this issue.
39
-
40
- Patches
41
- -------
42
- To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.
43
-
44
- * 4-1-wildcard_route.patch - Patch for 4.1 series
45
- * 4-2-wildcard_route.patch - Patch for 4.2 series
46
-
47
- Please note that only the 4.1.x and 4.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
48
-
49
- unaffected_versions:
50
- - "< 4.0.0"
51
- - ">= 5.0.0.beta1"
52
-
53
- patched_versions:
54
- - "~> 4.2.5, >= 4.2.5.1"
55
- - "~> 4.1.14, >= 4.1.14.1"