bundler-audit 0.7.0 → 0.7.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ChangeLog.md +5 -1
- data/Rakefile +5 -1
- data/data/ruby-advisory-db.ts +1 -1
- data/data/ruby-advisory-db/.gitignore +1 -0
- data/data/ruby-advisory-db/.rspec +1 -0
- data/data/ruby-advisory-db/.travis.yml +12 -0
- data/data/ruby-advisory-db/CONTRIBUTING.md +71 -0
- data/data/ruby-advisory-db/CONTRIBUTORS.md +41 -0
- data/data/ruby-advisory-db/Gemfile +11 -0
- data/data/ruby-advisory-db/LICENSE.txt +5 -0
- data/data/ruby-advisory-db/README.md +133 -0
- data/data/ruby-advisory-db/Rakefile +22 -0
- data/data/ruby-advisory-db/gems/Arabic-Prawn/CVE-2014-2322.yml +12 -0
- data/data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml +21 -0
- data/data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4995.yml +13 -0
- data/data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml +13 -0
- data/data/ruby-advisory-db/gems/actionmailer/CVE-2013-4389.yml +17 -0
- data/data/ruby-advisory-db/gems/actionpack-page_caching/CVE-2020-8159.yml +40 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2012-1099.yml +26 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2012-3424.yml +28 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2012-3463.yml +26 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2012-3465.yml +23 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2013-0156.yml +24 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2013-1855.yml +20 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2013-1857.yml +23 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2014-0081.yml +24 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2014-0082.yml +22 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2014-0130.yml +23 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2014-7818.yml +24 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2014-7829.yml +26 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2015-7576.yml +119 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2015-7581.yml +55 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-0751.yml +74 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-0752.yml +96 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-2097.yml +91 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-2098.yml +89 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-6316.yml +57 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2020-8164.yml +49 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2020-8166.yml +31 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml +20 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100525.yml +21 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100526.yml +27 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100527.yml +24 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-100528.yml +22 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-74616.yml +18 -0
- data/data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml +23 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2016-0752.yml +95 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2016-2097.yml +89 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2016-6316.yml +56 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2019-5418.yml +98 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2019-5419.yml +95 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2020-5267.yml +69 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2020-8163.yml +29 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2020-8167.yml +45 -0
- data/data/ruby-advisory-db/gems/active-support/CVE-2018-3779.yml +17 -0
- data/data/ruby-advisory-db/gems/activejob/CVE-2018-16476.yml +36 -0
- data/data/ruby-advisory-db/gems/activemodel/CVE-2016-0753.yml +95 -0
- data/data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml +20 -0
- data/data/ruby-advisory-db/gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml +15 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2012-2660.yml +24 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2012-2661.yml +25 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2013-0155.yml +24 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2013-0276.yml +21 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2013-0277.yml +23 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2013-1854.yml +26 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2014-0080.yml +23 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2014-3482.yml +23 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2014-3483.yml +24 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2014-3514.yml +23 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2015-7577.yml +110 -0
- data/data/ruby-advisory-db/gems/activerecord/CVE-2016-6317.yml +73 -0
- data/data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml +20 -0
- data/data/ruby-advisory-db/gems/activeresource/CVE-2020-8151.yml +48 -0
- data/data/ruby-advisory-db/gems/activeresource/OSVDB-95749.yml +15 -0
- data/data/ruby-advisory-db/gems/activestorage/CVE-2018-16477.yml +43 -0
- data/data/ruby-advisory-db/gems/activestorage/CVE-2020-8162.yml +31 -0
- data/data/ruby-advisory-db/gems/activesupport/CVE-2012-1098.yml +26 -0
- data/data/ruby-advisory-db/gems/activesupport/CVE-2012-3464.yml +23 -0
- data/data/ruby-advisory-db/gems/activesupport/CVE-2013-0333.yml +25 -0
- data/data/ruby-advisory-db/gems/activesupport/CVE-2013-1856.yml +28 -0
- data/data/ruby-advisory-db/gems/activesupport/CVE-2015-3226.yml +55 -0
- data/data/ruby-advisory-db/gems/activesupport/CVE-2015-3227.yml +33 -0
- data/data/ruby-advisory-db/gems/activesupport/CVE-2020-8165.yml +41 -0
- data/data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml +14 -0
- data/data/ruby-advisory-db/gems/administrate/CVE-2020-5257.yml +24 -0
- data/data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml +10 -0
- data/data/ruby-advisory-db/gems/airbrake-ruby/CVE-2019-16060.yml +18 -0
- data/data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml +16 -0
- data/data/ruby-advisory-db/gems/as/OSVDB-112683.yml +10 -0
- data/data/ruby-advisory-db/gems/authlogic/CVE-2012-6497.yml +15 -0
- data/data/ruby-advisory-db/gems/auto_awesomplete/OSVDB-132800.yml +11 -0
- data/data/ruby-advisory-db/gems/auto_select2/OSVDB-132800.yml +13 -0
- data/data/ruby-advisory-db/gems/awesome-bot/CVE-2019-15224.yml +19 -0
- data/data/ruby-advisory-db/gems/awesome_spawn/CVE-2014-0156.yml +19 -0
- data/data/ruby-advisory-db/gems/backup-agoddard/CVE-2014-4993.yml +8 -0
- data/data/ruby-advisory-db/gems/backup_checksum/CVE-2014-4993.yml +12 -0
- data/data/ruby-advisory-db/gems/backup_checksum/OSVDB-108570.yml +10 -0
- data/data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml +19 -0
- data/data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml +17 -0
- data/data/ruby-advisory-db/gems/bibtex-ruby/CVE-2019-10780.yml +16 -0
- data/data/ruby-advisory-db/gems/bio-basespace-sdk/CVE-2013-7111.yml +8 -0
- data/data/ruby-advisory-db/gems/bitcoin_vanity/CVE-2019-15224.yml +18 -0
- data/data/ruby-advisory-db/gems/blockchain_wallet/CVE-2019-15224.yml +19 -0
- data/data/ruby-advisory-db/gems/bootstrap-sass/CVE-2016-10735.yml +20 -0
- data/data/ruby-advisory-db/gems/bootstrap-sass/CVE-2019-10842.yml +25 -0
- data/data/ruby-advisory-db/gems/bootstrap-sass/CVE-2019-8331.yml +20 -0
- data/data/ruby-advisory-db/gems/bootstrap/CVE-2016-10735.yml +20 -0
- data/data/ruby-advisory-db/gems/bootstrap/CVE-2018-14040.yml +24 -0
- data/data/ruby-advisory-db/gems/bootstrap/CVE-2019-8331.yml +20 -0
- data/data/ruby-advisory-db/gems/brakeman/CVE-2019-18409.yml +26 -0
- data/data/ruby-advisory-db/gems/brbackup/CVE-2014-5004.yml +11 -0
- data/data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml +12 -0
- data/data/ruby-advisory-db/gems/brbackup/OSVDB-108900.yml +11 -0
- data/data/ruby-advisory-db/gems/bson/CVE-2015-4411.yml +21 -0
- data/data/ruby-advisory-db/gems/bson/CVE-2015-4412.yml +18 -0
- data/data/ruby-advisory-db/gems/builder/OSVDB-95668.yml +13 -0
- data/data/ruby-advisory-db/gems/bundler/CVE-2013-0334.yml +15 -0
- data/data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml +13 -0
- data/data/ruby-advisory-db/gems/bundler/OSVDB-115091.yml +12 -0
- data/data/ruby-advisory-db/gems/bundler/OSVDB-115917.yml +12 -0
- data/data/ruby-advisory-db/gems/cairo/CVE-2017-7475.yml +15 -0
- data/data/ruby-advisory-db/gems/cap-strap/CVE-2014-4992.yml +8 -0
- data/data/ruby-advisory-db/gems/cap-strap/OSVDB-108575.yml +7 -0
- data/data/ruby-advisory-db/gems/capistrano-colors/CVE-2019-15224.yml +19 -0
- data/data/ruby-advisory-db/gems/chartkick/CVE-2019-12732.yml +21 -0
- data/data/ruby-advisory-db/gems/chartkick/CVE-2019-18841.yml +13 -0
- data/data/ruby-advisory-db/gems/chloride/CVE-2018-6517.yml +17 -0
- data/data/ruby-advisory-db/gems/ciborg/CVE-2014-5003.yml +8 -0
- data/data/ruby-advisory-db/gems/cocaine/CVE-2013-4457.yml +15 -0
- data/data/ruby-advisory-db/gems/codders-dataset/CVE-2014-4991.yml +8 -0
- data/data/ruby-advisory-db/gems/coin_base/CVE-2019-15224.yml +18 -0
- data/data/ruby-advisory-db/gems/colorscore/CVE-2015-7541.yml +21 -0
- data/data/ruby-advisory-db/gems/coming-soon/CVE-2019-15224.yml +18 -0
- data/data/ruby-advisory-db/gems/command_wrap/CVE-2013-1875.yml +9 -0
- data/data/ruby-advisory-db/gems/consul/CVE-2019-16377.yml +15 -0
- data/data/ruby-advisory-db/gems/crack/CVE-2013-1800.yml +17 -0
- data/data/ruby-advisory-db/gems/cremefraiche/CVE-2013-2090.yml +11 -0
- data/data/ruby-advisory-db/gems/cron_parser/CVE-2019-15224.yml +20 -0
- data/data/ruby-advisory-db/gems/curb/OSVDB-114600.yml +12 -0
- data/data/ruby-advisory-db/gems/curl/CVE-2013-2617.yml +13 -0
- data/data/ruby-advisory-db/gems/datagrid/CVE-2019-14281.yml +14 -0
- data/data/ruby-advisory-db/gems/delayed_job_web/CVE-2017-12097.yml +17 -0
- data/data/ruby-advisory-db/gems/devise-two-factor/CVE-2015-7225.yml +22 -0
- data/data/ruby-advisory-db/gems/devise/CVE-2013-0233.yml +20 -0
- data/data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml +14 -0
- data/data/ruby-advisory-db/gems/devise/CVE-2019-16109.yml +13 -0
- data/data/ruby-advisory-db/gems/devise/CVE-2019-5421.yml +16 -0
- data/data/ruby-advisory-db/gems/devise/OSVDB-114435.yml +17 -0
- data/data/ruby-advisory-db/gems/doge-coin/CVE-2019-15224.yml +19 -0
- data/data/ruby-advisory-db/gems/doorkeeper-openid_connect/CVE-2019-9837.yml +16 -0
- data/data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml +26 -0
- data/data/ruby-advisory-db/gems/doorkeeper/CVE-2016-6582.yml +43 -0
- data/data/ruby-advisory-db/gems/doorkeeper/CVE-2018-1000088.yml +39 -0
- data/data/ruby-advisory-db/gems/doorkeeper/CVE-2018-1000211.yml +39 -0
- data/data/ruby-advisory-db/gems/doorkeeper/CVE-2020-10187.yml +34 -0
- data/data/ruby-advisory-db/gems/doorkeeper/OSVDB-118830.yml +17 -0
- data/data/ruby-advisory-db/gems/dragonfly/CVE-2013-1756.yml +16 -0
- data/data/ruby-advisory-db/gems/dragonfly/CVE-2013-5671.yml +14 -0
- data/data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml +13 -0
- data/data/ruby-advisory-db/gems/dragonfly/OSVDB-97854.yml +12 -0
- data/data/ruby-advisory-db/gems/easymon/CVE-2018-1000855.yml +16 -0
- data/data/ruby-advisory-db/gems/echor/CVE-2014-1834.yml +12 -0
- data/data/ruby-advisory-db/gems/echor/CVE-2014-1835.yml +11 -0
- data/data/ruby-advisory-db/gems/ember-source/CVE-2013-4170.yml +25 -0
- data/data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml +33 -0
- data/data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml +30 -0
- data/data/ruby-advisory-db/gems/ember-source/CVE-2014-0046.yml +26 -0
- data/data/ruby-advisory-db/gems/ember-source/CVE-2015-1866.yml +26 -0
- data/data/ruby-advisory-db/gems/ember-source/CVE-2015-7565.yml +30 -0
- data/data/ruby-advisory-db/gems/enum_column3/OSVDB-94679.yml +9 -0
- data/data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml +15 -0
- data/data/ruby-advisory-db/gems/excon/CVE-2019-16779.yml +23 -0
- data/data/ruby-advisory-db/gems/extlib/CVE-2013-1802.yml +18 -0
- data/data/ruby-advisory-db/gems/fastreader/CVE-2013-2615.yml +13 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7222.yml +17 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7223.yml +19 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7224.yml +17 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7225.yml +19 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2013-7249.yml +16 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2014-5441.yml +19 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2015-1585.yml +17 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2018-1000842.yml +23 -0
- data/data/ruby-advisory-db/gems/fat_free_crm/CVE-2018-20975.yml +12 -0
- data/data/ruby-advisory-db/gems/faye/CVE-2020-11020.yml +91 -0
- data/data/ruby-advisory-db/gems/features/CVE-2013-4318.yml +8 -0
- data/data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml +12 -0
- data/data/ruby-advisory-db/gems/ffi/CVE-2018-1000201.yml +22 -0
- data/data/ruby-advisory-db/gems/field_test/CVE-2019-13146.yml +20 -0
- data/data/ruby-advisory-db/gems/fileutils/CVE-2013-2516.yml +11 -0
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90715.yml +7 -0
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml +7 -0
- data/data/ruby-advisory-db/gems/fileutils/OSVDB-90718.yml +7 -0
- data/data/ruby-advisory-db/gems/flash_tool/CVE-2013-2513.yml +8 -0
- data/data/ruby-advisory-db/gems/flavour_saver/OSVDB-110796.yml +14 -0
- data/data/ruby-advisory-db/gems/flukso4r/OSVDB-101577.yml +7 -0
- data/data/ruby-advisory-db/gems/fog-dragonfly/CVE-2013-1756.yml +18 -0
- data/data/ruby-advisory-db/gems/fog-dragonfly/CVE-2013-5671.yml +16 -0
- data/data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-110439.yml +15 -0
- data/data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-97854.yml +12 -0
- data/data/ruby-advisory-db/gems/ftpd/CVE-2013-2512.yml +18 -0
- data/data/ruby-advisory-db/gems/geminabox/CVE-2017-16792.yml +21 -0
- data/data/ruby-advisory-db/gems/gemirro/CVE-2017-16833.yml +22 -0
- data/data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8968.yml +21 -0
- data/data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8969.yml +13 -0
- data/data/ruby-advisory-db/gems/gitlab-grit/CVE-2013-4489.yml +14 -0
- data/data/ruby-advisory-db/gems/gnms/OSVDB-108594.yml +7 -0
- data/data/ruby-advisory-db/gems/gollum-grit_adapter/CVE-2014-9489.yml +23 -0
- data/data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml +13 -0
- data/data/ruby-advisory-db/gems/grape/CVE-2018-3769.yml +20 -0
- data/data/ruby-advisory-db/gems/gtk2/CVE-2007-6183.yml +20 -0
- data/data/ruby-advisory-db/gems/gyazo/CVE-2014-4994.yml +10 -0
- data/data/ruby-advisory-db/gems/haml/CVE-2017-1002201.yml +19 -0
- data/data/ruby-advisory-db/gems/handlebars-source/OSVDB-131671.yml +17 -0
- data/data/ruby-advisory-db/gems/http/CVE-2015-1828.yml +14 -0
- data/data/ruby-advisory-db/gems/httparty/CVE-2013-1801.yml +14 -0
- data/data/ruby-advisory-db/gems/i18n/CVE-2014-10077.yml +18 -0
- data/data/ruby-advisory-db/gems/i18n/OSVDB-100528.yml +17 -0
- data/data/ruby-advisory-db/gems/iodine/GHSA-85rf-xh54-whp3.yml +21 -0
- data/data/ruby-advisory-db/gems/jekyll/CVE-2018-17567.yml +14 -0
- data/data/ruby-advisory-db/gems/jquery-rails/CVE-2015-1840.yml +36 -0
- data/data/ruby-advisory-db/gems/jquery-rails/CVE-2019-11358.yml +24 -0
- data/data/ruby-advisory-db/gems/jquery-ui-rails/CVE-2016-7103.yml +23 -0
- data/data/ruby-advisory-db/gems/jquery-ujs/CVE-2015-1840.yml +35 -0
- data/data/ruby-advisory-db/gems/jruby-openssl/CVE-2009-4123.yml +16 -0
- data/data/ruby-advisory-db/gems/jruby-sandbox/OSVDB-106279.yml +12 -0
- data/data/ruby-advisory-db/gems/json-jwt/CVE-2018-1000539.yml +21 -0
- data/data/ruby-advisory-db/gems/json-jwt/CVE-2019-18848.yml +15 -0
- data/data/ruby-advisory-db/gems/json/CVE-2013-0269.yml +20 -0
- data/data/ruby-advisory-db/gems/json/CVE-2020-10663.yml +35 -0
- data/data/ruby-advisory-db/gems/json/OSVDB-101157.yml +14 -0
- data/data/ruby-advisory-db/gems/kafo/CVE-2014-0135.yml +15 -0
- data/data/ruby-advisory-db/gems/kajam/CVE-2014-4999.yml +12 -0
- data/data/ruby-advisory-db/gems/kajam/OSVDB-108530.yml +11 -0
- data/data/ruby-advisory-db/gems/kaminari/CVE-2020-11082.yml +34 -0
- data/data/ruby-advisory-db/gems/karo/OSVDB-108573.yml +10 -0
- data/data/ruby-advisory-db/gems/karteek-docsplit/CVE-2013-1933.yml +9 -0
- data/data/ruby-advisory-db/gems/kcapifony/CVE-2014-5001.yml +8 -0
- data/data/ruby-advisory-db/gems/kcapifony/OSVDB-108572.yml +7 -0
- data/data/ruby-advisory-db/gems/kelredd-pruview/CVE-2013-1947.yml +9 -0
- data/data/ruby-advisory-db/gems/kompanee-recipes/OSVDB-108593.yml +12 -0
- data/data/ruby-advisory-db/gems/lawn-login/CVE-2014-5000.yml +8 -0
- data/data/ruby-advisory-db/gems/ldap_fluff/CVE-2012-5604.yml +15 -0
- data/data/ruby-advisory-db/gems/ldoce/CVE-2013-1911.yml +9 -0
- data/data/ruby-advisory-db/gems/lean-ruport/CVE-2014-4998.yml +8 -0
- data/data/ruby-advisory-db/gems/lingq/OSVDB-108585.yml +7 -0
- data/data/ruby-advisory-db/gems/lita_coin/CVE-2019-15224.yml +18 -0
- data/data/ruby-advisory-db/gems/loofah/CVE-2018-16468.yml +16 -0
- data/data/ruby-advisory-db/gems/loofah/CVE-2018-8048.yml +11 -0
- data/data/ruby-advisory-db/gems/loofah/CVE-2019-15587.yml +13 -0
- data/data/ruby-advisory-db/gems/loofah/OSVDB-90945.yml +21 -0
- data/data/ruby-advisory-db/gems/lynx/CVE-2014-5002.yml +11 -0
- data/data/ruby-advisory-db/gems/lynx/OSVDB-108579.yml +7 -0
- data/data/ruby-advisory-db/gems/mail/CVE-2011-0739.yml +21 -0
- data/data/ruby-advisory-db/gems/mail/CVE-2012-2139.yml +14 -0
- data/data/ruby-advisory-db/gems/mail/CVE-2012-2140.yml +16 -0
- data/data/ruby-advisory-db/gems/mail/CVE-2015-9097.yml +26 -0
- data/data/ruby-advisory-db/gems/mapbox-rails/OSVDB-129854.yml +25 -0
- data/data/ruby-advisory-db/gems/mapbox-rails/OSVDB-132871.yml +26 -0
- data/data/ruby-advisory-db/gems/marginalia/CVE-2019-1010191.yml +17 -0
- data/data/ruby-advisory-db/gems/matestack-ui-core/CVE-2020-5241.yml +18 -0
- data/data/ruby-advisory-db/gems/md2pdf/CVE-2013-1948.yml +9 -0
- data/data/ruby-advisory-db/gems/mini_magick/CVE-2013-2616.yml +15 -0
- data/data/ruby-advisory-db/gems/mini_magick/CVE-2019-13574.yml +14 -0
- data/data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml +20 -0
- data/data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml +17 -0
- data/data/ruby-advisory-db/gems/multi_xml/CVE-2013-0175.yml +16 -0
- data/data/ruby-advisory-db/gems/mustache-js-rails/OSVDB-131671.yml +17 -0
- data/data/ruby-advisory-db/gems/mysql-binuuid-rails/CVE-2018-18476.yml +21 -0
- data/data/ruby-advisory-db/gems/net-ldap/CVE-2014-0083.yml +14 -0
- data/data/ruby-advisory-db/gems/net-ldap/CVE-2017-17718.yml +17 -0
- data/data/ruby-advisory-db/gems/netaddr/CVE-2019-17383.yml +13 -0
- data/data/ruby-advisory-db/gems/newrelic_rpm/CVE-2013-0284.yml +17 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2012-6685.yml +15 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2013-6460.yml +18 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2013-6461.yml +15 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-1819.yml +52 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-5312.yml +92 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-7499.yml +37 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml +42 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml +33 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-15412.yml +23 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-16932.yml +21 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-5029.yml +44 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-9050.yml +60 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2018-14404.yml +69 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2018-8048.yml +36 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2019-11068.yml +49 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2019-13117.yml +80 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2019-5477.yml +31 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2020-7595.yml +20 -0
- data/data/ruby-advisory-db/gems/nokogiri/OSVDB-118481.yml +15 -0
- data/data/ruby-advisory-db/gems/nori/CVE-2013-0285.yml +19 -0
- data/data/ruby-advisory-db/gems/omniauth-facebook/CVE-2013-4562.yml +22 -0
- data/data/ruby-advisory-db/gems/omniauth-facebook/CVE-2013-4593.yml +17 -0
- data/data/ruby-advisory-db/gems/omniauth-oauth2/CVE-2012-6134.yml +16 -0
- data/data/ruby-advisory-db/gems/omniauth-saml/CVE-2017-11430.yml +17 -0
- data/data/ruby-advisory-db/gems/omniauth/CVE-2015-9284.yml +25 -0
- data/data/ruby-advisory-db/gems/omniauth/CVE-2017-18076.yml +18 -0
- data/data/ruby-advisory-db/gems/omniauth_amazon/CVE-2019-15224.yml +19 -0
- data/data/ruby-advisory-db/gems/open-uri-cached/OSVDB-121701.yml +13 -0
- data/data/ruby-advisory-db/gems/openssl/CVE-2016-7798.yml +16 -0
- data/data/ruby-advisory-db/gems/ox/CVE-2017-15928.yml +16 -0
- data/data/ruby-advisory-db/gems/ox/CVE-2017-16229.yml +16 -0
- data/data/ruby-advisory-db/gems/padrino-contrib/CVE-2019-16145.yml +11 -0
- data/data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml +16 -0
- data/data/ruby-advisory-db/gems/paperclip/CVE-2017-0889.yml +23 -0
- data/data/ruby-advisory-db/gems/paperclip/OSVDB-103151.yml +13 -0
- data/data/ruby-advisory-db/gems/paranoid2/CVE-2019-13589.yml +16 -0
- data/data/ruby-advisory-db/gems/paratrooper-newrelic/CVE-2014-1234.yml +13 -0
- data/data/ruby-advisory-db/gems/paratrooper-pingdom/CVE-2014-1233.yml +13 -0
- data/data/ruby-advisory-db/gems/passenger/CVE-2013-2119.yml +15 -0
- data/data/ruby-advisory-db/gems/passenger/CVE-2013-4136.yml +14 -0
- data/data/ruby-advisory-db/gems/passenger/CVE-2014-1831.yml +13 -0
- data/data/ruby-advisory-db/gems/passenger/CVE-2014-1832.yml +13 -0
- data/data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml +17 -0
- data/data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml +17 -0
- data/data/ruby-advisory-db/gems/passenger/OSVDB-90738.yml +16 -0
- data/data/ruby-advisory-db/gems/pdfkit/CVE-2013-1607.yml +11 -0
- data/data/ruby-advisory-db/gems/point-cli/CVE-2014-4997.yml +8 -0
- data/data/ruby-advisory-db/gems/private_address_check/CVE-2017-0904.yml +17 -0
- data/data/ruby-advisory-db/gems/private_address_check/CVE-2017-0909.yml +15 -0
- data/data/ruby-advisory-db/gems/private_address_check/CVE-2018-3759.yml +14 -0
- data/data/ruby-advisory-db/gems/puma/CVE-2019-16770.yml +21 -0
- data/data/ruby-advisory-db/gems/puma/CVE-2020-11076.yml +22 -0
- data/data/ruby-advisory-db/gems/puma/CVE-2020-11077.yml +31 -0
- data/data/ruby-advisory-db/gems/puma/CVE-2020-5247.yml +25 -0
- data/data/ruby-advisory-db/gems/puma/CVE-2020-5249.yml +36 -0
- data/data/ruby-advisory-db/gems/quick_magick/OSVDB-106954.yml +7 -0
- data/data/ruby-advisory-db/gems/rack-attack/OSVDB-132234.yml +26 -0
- data/data/ruby-advisory-db/gems/rack-cache/CVE-2012-2671.yml +18 -0
- data/data/ruby-advisory-db/gems/rack-cors/CVE-2017-11173.yml +21 -0
- data/data/ruby-advisory-db/gems/rack-cors/CVE-2019-18978.yml +13 -0
- data/data/ruby-advisory-db/gems/rack-mini-profiler/CVE-2016-4442.yml +17 -0
- data/data/ruby-advisory-db/gems/rack-protection/CVE-2018-1000119.yml +18 -0
- data/data/ruby-advisory-db/gems/rack-protection/CVE-2018-7212.yml +12 -0
- data/data/ruby-advisory-db/gems/rack-ssl/CVE-2014-2538.yml +11 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2011-5036.yml +21 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2012-6109.yml +21 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2013-0183.yml +19 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2013-0184.yml +20 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2013-0262.yml +18 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2013-0263.yml +23 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2015-3225.yml +18 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2018-16470.yml +56 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2018-16471.yml +80 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2019-16782.yml +32 -0
- data/data/ruby-advisory-db/gems/rack/CVE-2020-8161.yml +32 -0
- data/data/ruby-advisory-db/gems/radiant/CVE-2018-5216.yml +12 -0
- data/data/ruby-advisory-db/gems/radiant/CVE-2018-7261.yml +13 -0
- data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2015-7578.yml +47 -0
- data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2015-7579.yml +75 -0
- data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2015-7580.yml +70 -0
- data/data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2018-3741.yml +20 -0
- data/data/ruby-advisory-db/gems/rails_admin/CVE-2016-10522.yml +21 -0
- data/data/ruby-advisory-db/gems/rails_admin/CVE-2017-12098.yml +22 -0
- data/data/ruby-advisory-db/gems/railties/CVE-2019-5420.yml +49 -0
- data/data/ruby-advisory-db/gems/rake/CVE-2020-8130.yml +18 -0
- data/data/ruby-advisory-db/gems/rbovirt/CVE-2014-0036.yml +20 -0
- data/data/ruby-advisory-db/gems/rdoc/CVE-2013-0256.yml +27 -0
- data/data/ruby-advisory-db/gems/recurly/CVE-2017-0905.yml +35 -0
- data/data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml +17 -0
- data/data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml +16 -0
- data/data/ruby-advisory-db/gems/redis-namespace/OSVDB-96425.yml +15 -0
- data/data/ruby-advisory-db/gems/redis-store/CVE-2017-1000248.yml +17 -0
- data/data/ruby-advisory-db/gems/refile/OSVDB-120857.yml +16 -0
- data/data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml +23 -0
- data/data/ruby-advisory-db/gems/rest-client/CVE-2015-3448.yml +15 -0
- data/data/ruby-advisory-db/gems/rest-client/CVE-2019-15224.yml +13 -0
- data/data/ruby-advisory-db/gems/restforce/CVE-2018-3777.yml +36 -0
- data/data/ruby-advisory-db/gems/rexical/CVE-2019-5477.yml +21 -0
- data/data/ruby-advisory-db/gems/rgpg/CVE-2013-4203.yml +15 -0
- data/data/ruby-advisory-db/gems/rubocop/CVE-2017-8418.yml +20 -0
- data/data/ruby-advisory-db/gems/ruby-openid/CVE-2019-11027.yml +16 -0
- data/data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml +20 -0
- data/data/ruby-advisory-db/gems/ruby-saml/CVE-2017-11428.yml +27 -0
- data/data/ruby-advisory-db/gems/ruby-saml/OSVDB-117903.yml +13 -0
- data/data/ruby-advisory-db/gems/ruby-saml/OSVDB-124383.yml +11 -0
- data/data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml +13 -0
- data/data/ruby-advisory-db/gems/ruby_parser-legacy/CVE-2019-18409.yml +16 -0
- data/data/ruby-advisory-db/gems/ruby_parser/CVE-2013-0162.yml +11 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2007-0469.yml +18 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2012-2125.yml +17 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2012-2126.yml +15 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2013-4287.yml +20 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2013-4363.yml +21 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2015-3900.yml +20 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2015-4020.yml +20 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0899.yml +16 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0900.yml +16 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0901.yml +16 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0902.yml +16 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0903.yml +17 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8320.yml +21 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8321.yml +16 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8322.yml +16 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8323.yml +17 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8324.yml +18 -0
- data/data/ruby-advisory-db/gems/rubygems-update/CVE-2019-8325.yml +16 -0
- data/data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml +17 -0
- data/data/ruby-advisory-db/gems/rubyzip/CVE-2018-1000544.yml +19 -0
- data/data/ruby-advisory-db/gems/rubyzip/CVE-2019-16892.yml +13 -0
- data/data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml +13 -0
- data/data/ruby-advisory-db/gems/safemode/CVE-2017-7540.yml +16 -0
- data/data/ruby-advisory-db/gems/samlr/CVE-2018-20857.yml +16 -0
- data/data/ruby-advisory-db/gems/sanitize/CVE-2018-3740.yml +22 -0
- data/data/ruby-advisory-db/gems/screen_capture/OSVDB-107783.yml +7 -0
- data/data/ruby-advisory-db/gems/secure_headers/CVE-2020-5216.yml +52 -0
- data/data/ruby-advisory-db/gems/secure_headers/CVE-2020-5217.yml +42 -0
- data/data/ruby-advisory-db/gems/sentry-raven/CVE-2014-9490.yml +14 -0
- data/data/ruby-advisory-db/gems/sfpagent/CVE-2014-2888.yml +15 -0
- data/data/ruby-advisory-db/gems/show_in_browser/CVE-2013-2105.yml +8 -0
- data/data/ruby-advisory-db/gems/sidekiq-pro/OSVDB-126329.yml +12 -0
- data/data/ruby-advisory-db/gems/sidekiq-pro/OSVDB-126330.yml +10 -0
- data/data/ruby-advisory-db/gems/sidekiq-pro/OSVDB-126331.yml +14 -0
- data/data/ruby-advisory-db/gems/sidekiq/OSVDB-125675.yml +9 -0
- data/data/ruby-advisory-db/gems/sidekiq/OSVDB-125676.yml +14 -0
- data/data/ruby-advisory-db/gems/sidekiq/OSVDB-125678.yml +9 -0
- data/data/ruby-advisory-db/gems/simple_captcha2/CVE-2019-14282.yml +13 -0
- data/data/ruby-advisory-db/gems/simple_form/CVE-2019-16676.yml +15 -0
- data/data/ruby-advisory-db/gems/sinatra/CVE-2018-11627.yml +16 -0
- data/data/ruby-advisory-db/gems/sinatra/CVE-2018-7212.yml +19 -0
- data/data/ruby-advisory-db/gems/slanger/CVE-2019-1010306.yml +16 -0
- data/data/ruby-advisory-db/gems/smart_proxy_dynflow/CVE-2018-14643.yml +18 -0
- data/data/ruby-advisory-db/gems/sorcery/CVE-2020-11052.yml +27 -0
- data/data/ruby-advisory-db/gems/sounder/CVE-2013-5647.yml +14 -0
- data/data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml +16 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-119205.yml +18 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-125699.yml +18 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-125701.yml +17 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-125712.yml +16 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-125713.yml +15 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-69098.yml +19 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-73751.yml +11 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-76011.yml +15 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-81505.yml +14 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-81506.yml +16 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-90865.yml +20 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91216.yml +17 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91217.yml +17 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91218.yml +17 -0
- data/data/ruby-advisory-db/gems/spree/OSVDB-91219.yml +17 -0
- data/data/ruby-advisory-db/gems/spree_auth/OSVDB-90865.yml +16 -0
- data/data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml +20 -0
- data/data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml +27 -0
- data/data/ruby-advisory-db/gems/sprockets/CVE-2018-3760.yml +23 -0
- data/data/ruby-advisory-db/gems/sprout/CVE-2013-6421.yml +16 -0
- data/data/ruby-advisory-db/gems/strong_password/CVE-2019-13354.yml +19 -0
- data/data/ruby-advisory-db/gems/sup/CVE-2013-4478.yml +14 -0
- data/data/ruby-advisory-db/gems/sup/CVE-2013-4479.yml +14 -0
- data/data/ruby-advisory-db/gems/thumbshooter/CVE-2013-1898.yml +9 -0
- data/data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml +22 -0
- data/data/ruby-advisory-db/gems/uglifier/OSVDB-126747.yml +19 -0
- data/data/ruby-advisory-db/gems/user_agent_parser/CVE-2020-5243.yml +28 -0
- data/data/ruby-advisory-db/gems/web-console/CVE-2015-3224.yml +22 -0
- data/data/ruby-advisory-db/gems/web-console/OSVDB-112346.yml +12 -0
- data/data/ruby-advisory-db/gems/webbynode/CVE-2013-7086.yml +12 -0
- data/data/ruby-advisory-db/gems/websocket-extensions/CVE-2020-7663.yml +35 -0
- data/data/ruby-advisory-db/gems/wicked/CVE-2013-4413.yml +14 -0
- data/data/ruby-advisory-db/gems/will_paginate/CVE-2013-6459.yml +15 -0
- data/data/ruby-advisory-db/gems/xaviershay-dm-rails/CVE-2015-2179.yml +13 -0
- data/data/ruby-advisory-db/gems/yajl-ruby/CVE-2017-16516.yml +19 -0
- data/data/ruby-advisory-db/gems/yard/CVE-2017-17042.yml +16 -0
- data/data/ruby-advisory-db/gems/yard/CVE-2019-1020001.yml +17 -0
- data/data/ruby-advisory-db/gems/yard/GHSA-xfhh-rx56-rxcr.yml +12 -0
- data/data/ruby-advisory-db/lib/cf_scrape.py +5 -0
- data/data/ruby-advisory-db/lib/github_advisory_sync.rb +296 -0
- data/data/ruby-advisory-db/libraries/rubygems +1 -0
- data/data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml +17 -0
- data/data/ruby-advisory-db/rubies/jruby/CVE-2011-4838.yml +15 -0
- data/data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml +17 -0
- data/data/ruby-advisory-db/rubies/jruby/OSVDB-94644.yml +12 -0
- data/data/ruby-advisory-db/rubies/rbx/CVE-2012-5372.yml +17 -0
- data/data/ruby-advisory-db/rubies/rbx/OSVDB-78119.yml +13 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2007-5162.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-1447.yml +15 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-1891.yml +21 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2376.yml +18 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2662.yml +22 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2663.yml +21 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2664.yml +21 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2725.yml +22 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-2726.yml +18 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3443.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml +18 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3656.yml +19 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3657.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3790.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2009-1904.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2009-4124.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2009-4492.yml +20 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2009-5147.yml +13 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2010-0541.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2010-2489.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-0188.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-1004.yml +20 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-1005.yml +15 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-2686.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-2705.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-3009.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-3389.yml +18 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2011-4815.yml +14 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml +15 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2012-4522.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2012-5371.yml +18 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2013-1821.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2013-2065.yml +19 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2013-4073.yml +21 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2013-4164.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2014-2525.yml +20 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2014-3916.yml +16 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2014-4975.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2014-8080.yml +19 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2014-8090.yml +22 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2015-7551.yml +19 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2015-9096.yml +20 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2017-0898.yml +19 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2017-10784.yml +25 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2017-14033.yml +22 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2017-14064.yml +20 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2017-17405.yml +22 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2017-17742.yml +22 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2018-16395.yml +36 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2018-16396.yml +26 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2018-6914.yml +27 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8777.yml +21 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8778.yml +20 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8779.yml +28 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2018-8780.yml +22 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2019-15845.yml +18 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2019-16201.yml +15 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2019-16254.yml +19 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2019-16255.yml +20 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2020-10663.yml +29 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2020-10933.yml +25 -0
- data/data/ruby-advisory-db/scripts/post-advisories.sh +18 -0
- data/data/ruby-advisory-db/spec/advisories_spec.rb +23 -0
- data/data/ruby-advisory-db/spec/advisory_example.rb +228 -0
- data/data/ruby-advisory-db/spec/gem_example.rb +44 -0
- data/data/ruby-advisory-db/spec/library_example.rb +21 -0
- data/data/ruby-advisory-db/spec/ruby_example.rb +29 -0
- data/data/ruby-advisory-db/spec/schemas/gem.yml +71 -0
- data/data/ruby-advisory-db/spec/schemas/ruby.yml +36 -0
- data/data/ruby-advisory-db/spec/spec_helper.rb +2 -0
- data/lib/bundler/audit/version.rb +1 -1
- metadata +550 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c1c2ead83ab8d3dac034093a5ac034fbf3235fed7077e47c2f491a9f8fa24d6c
|
4
|
+
data.tar.gz: c520084f591d25b66f1524a1bfaa900297a6c4517e000f38ce46bc66fbdb812a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: becd1a0bf6735ab08c3db5bd18199ceea5682e240a18ea2da88b8f9ff7c121ca11e5912613b559dc5916ff5db3e8e1d93627ead52e5a5bfc9f89ea574efb867d
|
7
|
+
data.tar.gz: 8a111e0b5e19eff5777bbe117560cc16f6d70a113fbb3d5059457557647a31ecef80f54956bb4f44d866d970579ed1fe19b0279aceed5355100b95a307a79491
|
data/ChangeLog.md
CHANGED
@@ -1,10 +1,14 @@
|
|
1
|
+
### 0.7.0.1 / 2020-06-12
|
2
|
+
|
3
|
+
* Forgot to populate `data/ruby-advisory-db`.
|
4
|
+
|
1
5
|
### 0.7.0 / 2020-06-12
|
2
6
|
|
3
7
|
* Require [thor] >= 0.18, < 2.
|
4
8
|
* Added {Bundler::Audit::Advisory#ghsa} (@rschultheis).
|
5
9
|
* Added {Bundler::Audit::Advisory#cvss_v3} (@ahamlin-nr).
|
6
10
|
* Added {Bundler::Audit::Advisory#identifiers} (@rschultheis).
|
7
|
-
* Updated {Bundler::Audit::Advisory#criticality} ranges (@
|
11
|
+
* Updated {Bundler::Audit::Advisory#criticality} ranges (@reedloden).
|
8
12
|
* Avoid rebasing the ruby-advisory-db when updating (@nicknovitski).
|
9
13
|
* Fixed issue with Bundler 2.x where source URIs are no longer parsed as
|
10
14
|
`URI::HTTP` objects, but as `Bundler::URI::HTTP` objects. (@milgner)
|
data/Rakefile
CHANGED
@@ -14,9 +14,13 @@ require 'time'
|
|
14
14
|
require 'rubygems/tasks'
|
15
15
|
Gem::Tasks.new
|
16
16
|
|
17
|
+
directory 'data/ruby-advisory-db' do
|
18
|
+
sh 'git', 'submodule', 'update', '--init'
|
19
|
+
end
|
20
|
+
|
17
21
|
namespace :db do
|
18
22
|
desc 'Updates data/ruby-advisory-db'
|
19
|
-
task :update do
|
23
|
+
task :update => 'data/ruuby-advsisory-db' do
|
20
24
|
timestamp = nil
|
21
25
|
|
22
26
|
chdir 'data/ruby-advisory-db' do
|
data/data/ruby-advisory-db.ts
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2020-06-
|
1
|
+
2020-06-12 22:55:28 UTC
|
@@ -0,0 +1 @@
|
|
1
|
+
_site
|
@@ -0,0 +1 @@
|
|
1
|
+
--colour
|
@@ -0,0 +1,12 @@
|
|
1
|
+
language: ruby
|
2
|
+
|
3
|
+
sudo: false
|
4
|
+
|
5
|
+
cache: bundler
|
6
|
+
|
7
|
+
notifications:
|
8
|
+
irc: chat.freenode.net#rubysec
|
9
|
+
|
10
|
+
env:
|
11
|
+
global:
|
12
|
+
- secure: ZXwsZdbCej15IcIazEIjy12o5v5EI8/Hle/VP1EabfbHsA5Mw+lrliMAV80C8Iy+p4mI66WIO/3Ovm64L1nGDBGs3dKUjtDvNPCKHlK2xK7AhvkcJnzbjWTAzWZY17STJO45DUdr/vuVbvQZ8llLosSOBs+grGsszCSEIOibqjU=
|
@@ -0,0 +1,71 @@
|
|
1
|
+
# Contributing Guidelines
|
2
|
+
|
3
|
+
* All text must be within 80 columns.
|
4
|
+
* YAML must be indented by 2 spaces.
|
5
|
+
* Have any questions? Feel free to open an issue.
|
6
|
+
* Prior to submitting a pull request, run the tests:
|
7
|
+
|
8
|
+
```
|
9
|
+
bundle install
|
10
|
+
bundle exec rspec
|
11
|
+
```
|
12
|
+
|
13
|
+
* Follow the schema. Here is an example advisory:
|
14
|
+
|
15
|
+
```yaml
|
16
|
+
---
|
17
|
+
gem: examplegem
|
18
|
+
cve: 2013-0156
|
19
|
+
date: 2013-05-01
|
20
|
+
url: https://github.com/rubysec/ruby-advisory-db/issues/123456
|
21
|
+
title: |
|
22
|
+
Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing
|
23
|
+
Remote Code Execution
|
24
|
+
|
25
|
+
description: |
|
26
|
+
Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
|
27
|
+
The issue is triggered when a type casting error occurs during the parsing
|
28
|
+
of parameters. This may allow a remote attacker to potentially execute
|
29
|
+
arbitrary code.
|
30
|
+
|
31
|
+
cvss_v2: 10.0
|
32
|
+
cvss_v3: 9.8
|
33
|
+
|
34
|
+
patched_versions:
|
35
|
+
- ~> 2.3.15
|
36
|
+
- ~> 3.0.19
|
37
|
+
- ~> 3.1.10
|
38
|
+
- ">= 3.2.11"
|
39
|
+
unaffected_versions:
|
40
|
+
- ~> 2.4.3
|
41
|
+
|
42
|
+
related:
|
43
|
+
cve:
|
44
|
+
- 2013-1234567
|
45
|
+
- 2013-1234568
|
46
|
+
url:
|
47
|
+
- https://github.com/rubysec/ruby-advisory-db/issues/123457
|
48
|
+
|
49
|
+
```
|
50
|
+
### Schema
|
51
|
+
|
52
|
+
* `gem` \[String\] (required): Name of the affected gem.
|
53
|
+
* `framework` \[String\] (optional): Name of the framework which the affected gem belongs to.
|
54
|
+
* `platform` \[String\] (optional): If this vulnerability is platform-specific, name of platform this vulnerability affects (e.g. jruby)
|
55
|
+
* `cve` \[String\] (optional): Common Vulnerabilities and Exposures (CVE) ID.
|
56
|
+
* `osvdb` \[Integer\] (optional): Open Sourced Vulnerability Database (OSVDB) ID.
|
57
|
+
* `ghsa` \[String\] (optional): GitHub Security Advisory (GHSA) ID.
|
58
|
+
* `url` \[String\] (required): The URL to the full advisory.
|
59
|
+
* `title` \[String\] (required): The title of the advisory or individual vulnerability.
|
60
|
+
* `date` \[Date\] (required): The public disclosure date of the advisory.
|
61
|
+
* `description` \[String\] (required): One or more paragraphs describing the vulnerability.
|
62
|
+
* `cvss_v2` \[Float\] (optional): The [CVSSv2] score for the vulnerability.
|
63
|
+
* `cvss_v3` \[Float\] (optional): The [CVSSv3] score for the vulnerability.
|
64
|
+
* `unaffected_versions` \[Array\<String\>\] (optional): The version requirements for the
|
65
|
+
unaffected versions of the Ruby library.
|
66
|
+
* `patched_versions` \[Array\<String\>\] (optional): The version requirements for the
|
67
|
+
patched versions of the Ruby library.
|
68
|
+
* `related` \[Hash\<Array\<String\>\>\] (optional): Sometimes an advisory references many urls and cves. Supported keys: `cve` and `url`
|
69
|
+
|
70
|
+
[CVSSv2]: https://www.first.org/cvss/v2/guide
|
71
|
+
[CVSSv3]: https://www.first.org/cvss/user-guide
|
@@ -0,0 +1,41 @@
|
|
1
|
+
### Acknowledgements
|
2
|
+
|
3
|
+
This database would not be possible without volunteers willing to submit pull requests. In no particular order, we'd like to thank:
|
4
|
+
|
5
|
+
* [Postmodern](https://github.com/postmodern/)
|
6
|
+
* [Max Veytsman](https://twitter.com/mveytsman)
|
7
|
+
* [Pietro Monteiro](https://github.com/pietro)
|
8
|
+
* [Eric Hodel](https://github.com/drbrain)
|
9
|
+
* [Brendon Murphy](https://github.com/bemurphy)
|
10
|
+
* [Oliver Legg](https://github.com/olly)
|
11
|
+
* [Larry W. Cashdollar](http://vapid.dhs.org/)
|
12
|
+
* [Michael Grosser](https://github.com/grosser)
|
13
|
+
* [Sascha Korth](https://github.com/skorth)
|
14
|
+
* [David Radcliffe](https://github.com/dwradcliffe)
|
15
|
+
* [Jörg Schiller](https://github.com/joergschiller)
|
16
|
+
* [Derek Prior](https://github.com/derekprior)
|
17
|
+
* [Joel Chippindale](https://github.com/mocoso)
|
18
|
+
* [Josef Šimánek](https://github.com/simi)
|
19
|
+
* [Amiel Martin](https://github.com/amiel)
|
20
|
+
* [Jeremy Olliver](https://github.com/jeremyolliver)
|
21
|
+
* [Vasily Vasinov](https://github.com/vasinov)
|
22
|
+
* [Phill MV](https://twitter.com/phillmv)
|
23
|
+
* [Jon Kessler](https://github.com/jonkessler)
|
24
|
+
* [James Harton](https://github.com/jamesotron)
|
25
|
+
* [Justin Collins](https://github.com/presidentbeef)
|
26
|
+
* [Andy Brody](https://github.com/ab)
|
27
|
+
* [Alexey Zapparov](https://github.com/ixti)
|
28
|
+
* [Toni Reina](https://github.com/areina)
|
29
|
+
* [Bernard Lambeau](https://github.com/blambeau)
|
30
|
+
* [Don Morrison](https://github.com/elskwid)
|
31
|
+
* [John Poulin](https://github.com/forced-request)
|
32
|
+
* [Neal Harris](https://github.com/nealharris)
|
33
|
+
* [Justin Bull](https://github.com/f3ndot)
|
34
|
+
* [Andrew Selder](https://github.com/aselder)
|
35
|
+
* [Vanessa Henderson](https://github.com/VanessaHenderson)
|
36
|
+
* [Reed Loden](https://github.com/reedloden)
|
37
|
+
* [ecneladis](https://github.com/ecneladis)
|
38
|
+
* [Brendan Coles](https://github.com/bcoles)
|
39
|
+
* [Florian Wininger](https://github.com/fwininger)
|
40
|
+
|
41
|
+
The rubysec.com domain was graciously donated by [Jordi Massaguer](https://github.com/jordimassaguerpla).
|
@@ -0,0 +1,5 @@
|
|
1
|
+
If you submit code or data to the ruby-advisory-db that is copyrighted by yourself, upon submission you hereby agree to release it into the public domain.
|
2
|
+
|
3
|
+
However, not all of the ruby-advisory-db can be considered public domain. The ruby-advisory-db may contain some information copyrighted by the Open Source Vulnerability Database (http://osvdb.org). If you use ruby-advisory-db data to build a product or a service, it is your responsibility to familiarize yourself with the terms of their license: http://www.osvdb.org/osvdb_license
|
4
|
+
|
5
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
@@ -0,0 +1,133 @@
|
|
1
|
+
# Ruby Advisory Database
|
2
|
+
|
3
|
+
The Ruby Advisory Database is a community effort to compile all security advisories that are relevant to Ruby libraries.
|
4
|
+
|
5
|
+
You can check your own Gemfile.locks against this database by using [bundler-audit](https://github.com/rubysec/bundler-audit).
|
6
|
+
|
7
|
+
## Support Ruby security!
|
8
|
+
|
9
|
+
Do you know about a vulnerability that isn't listed in this database? Open an issue, submit a PR, or [use this form](https://rubysec.com/advisories/new) which will email the maintainers.
|
10
|
+
|
11
|
+
## Directory Structure
|
12
|
+
|
13
|
+
The database is a list of directories that match the names of Ruby libraries on
|
14
|
+
[rubygems.org]. Within each directory are one or more advisory files
|
15
|
+
for the Ruby library. These advisory files are named using
|
16
|
+
the advisories' [CVE] identifier number.
|
17
|
+
|
18
|
+
gems/:
|
19
|
+
actionpack/:
|
20
|
+
CVE-2014-0130.yml CVE-2014-7818.yml CVE-2014-7829.yml CVE-2015-7576.yml
|
21
|
+
CVE-2015-7581.yml CVE-2016-0751.yml CVE-2016-0752.yml
|
22
|
+
|
23
|
+
## Format
|
24
|
+
|
25
|
+
Each advisory file contains the advisory information in [YAML] format:
|
26
|
+
|
27
|
+
---
|
28
|
+
gem: examplegem
|
29
|
+
cve: 2013-0156
|
30
|
+
date: 2013-05-01
|
31
|
+
url: https://github.com/rubysec/ruby-advisory-db/issues/123456
|
32
|
+
title: |
|
33
|
+
Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing
|
34
|
+
Remote Code Execution
|
35
|
+
|
36
|
+
description: |
|
37
|
+
Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
|
38
|
+
The issue is triggered when a type casting error occurs during the parsing
|
39
|
+
of parameters. This may allow a remote attacker to potentially execute
|
40
|
+
arbitrary code.
|
41
|
+
|
42
|
+
cvss_v2: 10.0
|
43
|
+
cvss_v3: 9.8
|
44
|
+
|
45
|
+
patched_versions:
|
46
|
+
- ~> 2.3.15
|
47
|
+
- ~> 3.0.19
|
48
|
+
- ~> 3.1.10
|
49
|
+
- ">= 3.2.11"
|
50
|
+
unaffected_versions:
|
51
|
+
- ~> 2.4.3
|
52
|
+
|
53
|
+
related:
|
54
|
+
cve:
|
55
|
+
- 2013-1234567
|
56
|
+
- 2013-1234568
|
57
|
+
url:
|
58
|
+
- https://github.com/rubysec/ruby-advisory-db/issues/123457
|
59
|
+
|
60
|
+
|
61
|
+
### Schema
|
62
|
+
|
63
|
+
* `gem` \[String\] (required): Name of the affected gem.
|
64
|
+
* `framework` \[String\] (optional): Name of the framework which the affected
|
65
|
+
gem belongs to.
|
66
|
+
* `platform` \[String\] (optional): If this vulnerability is platform-specific, name of platform this vulnerability affects (e.g. jruby)
|
67
|
+
* `cve` \[String\] (optional): Common Vulnerabilities and Exposures (CVE) ID.
|
68
|
+
* `osvdb` \[Integer\] (optional): Open Sourced Vulnerability Database (OSVDB) ID.
|
69
|
+
* `ghsa` \[String\] (optional): GitHub Security Advisory (GHSA) ID.
|
70
|
+
* `url` \[String\] (required): The URL to the full advisory.
|
71
|
+
* `title` \[String\] (required): The title of the advisory or individual vulnerability.
|
72
|
+
* `date` \[Date\] (required): The public disclosure date of the advisory.
|
73
|
+
* `description` \[String\] (required): One or more paragraphs describing the vulnerability.
|
74
|
+
* `cvss_v2` \[Float\] (optional): The [CVSSv2] score for the vulnerability.
|
75
|
+
* `cvss_v3` \[Float\] (optional): The [CVSSv3] score for the vulnerability.
|
76
|
+
* `unaffected_versions` \[Array\<String\>\] (optional): The version requirements for the
|
77
|
+
unaffected versions of the Ruby library.
|
78
|
+
* `patched_versions` \[Array\<String\>\] (optional): The version requirements for the
|
79
|
+
patched versions of the Ruby library.
|
80
|
+
* `related` \[Hash\<Array\<String\>\>\] (optional): Sometimes an advisory references many urls and other identifiers. Supported keys: `cve`, `ghsa`, `osvdb`, and `url`
|
81
|
+
|
82
|
+
### Tests
|
83
|
+
Prior to submitting a pull request, run the tests:
|
84
|
+
|
85
|
+
```
|
86
|
+
bundle install
|
87
|
+
bundle exec rspec
|
88
|
+
```
|
89
|
+
|
90
|
+
### GitHub Advisory Sync
|
91
|
+
|
92
|
+
There is a script that will create initial yaml files for RubyGem advisories which
|
93
|
+
are in the [GitHub Security Advisory API](https://developer.github.com/v4/object/securityadvisory/),
|
94
|
+
but are not already in this dataset. This script can be periodically run to ensure
|
95
|
+
this repo has all the data that is present in the GitHub Advisory data.
|
96
|
+
|
97
|
+
The GitHub Advisory API requires a token to access it.
|
98
|
+
- It can be a completely scopeless token (recommended); it does not require any permissions at all.
|
99
|
+
- Get yours at https://github.com/settings/tokens
|
100
|
+
|
101
|
+
To run the GitHub Advisory sync, start by executing the rake task:
|
102
|
+
```
|
103
|
+
GH_API_TOKEN=<your GitHub API Token> bundle exec rake sync_github_advisories
|
104
|
+
```
|
105
|
+
|
106
|
+
- The rake task will write yaml files for any missing advisories.
|
107
|
+
- Those files must be further edited.
|
108
|
+
- Fill in `cvss_v3` field by following the CVE link and getting it from page
|
109
|
+
- Fill in `patched_versions` field, using the comments at the bottom of the file
|
110
|
+
- Fill in `unaffected_versions`, optional, if there are unaffected_versions
|
111
|
+
- delete the GitHub data at the bottom of the yaml file
|
112
|
+
- double check all the data, commit it, and make a PR
|
113
|
+
- *The GitHub Advisory data is structured opposite of RubySec unfortunately:
|
114
|
+
GitHub identifies version range which are vulnerable; RubySec identifies
|
115
|
+
version ranges which are not vulnerable. This is why some manual
|
116
|
+
work to translate is needed.*
|
117
|
+
|
118
|
+
|
119
|
+
## Credits
|
120
|
+
|
121
|
+
Please see [CONTRIBUTORS.md].
|
122
|
+
|
123
|
+
This database also includes data from the [Open Sourced Vulnerability Database][OSVDB]
|
124
|
+
developed by the Open Security Foundation (OSF) and its contributors.
|
125
|
+
|
126
|
+
[rubygems.org]: https://rubygems.org/
|
127
|
+
[CVE]: https://cve.mitre.org/
|
128
|
+
[OSVDB]: http://www.osvdb.org/
|
129
|
+
[GHSA]: https://help.github.com/en/articles/about-maintainer-security-advisories
|
130
|
+
[CVSSv2]: https://www.first.org/cvss/v2/guide
|
131
|
+
[CVSSv3]: https://www.first.org/cvss/user-guide
|
132
|
+
[YAML]: http://www.yaml.org/
|
133
|
+
[CONTRIBUTORS.md]: https://github.com/rubysec/ruby-advisory-db/blob/master/CONTRIBUTORS.md
|
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
|
3
|
+
namespace :lint do
|
4
|
+
begin
|
5
|
+
require 'rspec/core/rake_task'
|
6
|
+
|
7
|
+
RSpec::Core::RakeTask.new(:yaml)
|
8
|
+
rescue LoadError => e
|
9
|
+
task :spec do
|
10
|
+
abort "Please run `gem install rspec` to install RSpec."
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
desc "Sync GitHub RubyGem Advisories into this project"
|
16
|
+
task :sync_github_advisories do
|
17
|
+
require_relative "lib/github_advisory_sync"
|
18
|
+
GitHub::GitHubAdvisorySync.sync
|
19
|
+
end
|
20
|
+
|
21
|
+
task :lint => ['lint:yaml']
|
22
|
+
task :default => :lint
|
@@ -0,0 +1,12 @@
|
|
1
|
+
---
|
2
|
+
gem: Arabic-Prawn
|
3
|
+
cve: 2014-2322
|
4
|
+
osvdb: 104365
|
5
|
+
url: https://nvd.nist.gov/vuln/detail/CVE-2014-2322
|
6
|
+
title: Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection
|
7
|
+
date: 2014-03-10
|
8
|
+
description: |
|
9
|
+
Arabic Prawn Gem for Ruby contains a flaw in the lib/string_utf_support.rb
|
10
|
+
file. The issue is due to the program failing to sanitize user input. This may
|
11
|
+
allow a remote attacker to inject arbitrary commands.
|
12
|
+
cvss_v2: 7.5
|
@@ -0,0 +1,21 @@
|
|
1
|
+
---
|
2
|
+
gem: RedCloth
|
3
|
+
cve: 2012-6684
|
4
|
+
osvdb: 115941
|
5
|
+
url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6684
|
6
|
+
title: RedCloth Gem for Ruby Textile Link Parsing XSS
|
7
|
+
date: 2012-02-29
|
8
|
+
description: |
|
9
|
+
RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS)
|
10
|
+
attack. This flaw exists because the program does not validate input when
|
11
|
+
parsing textile links before returning it to users. This may allow a remote
|
12
|
+
attacker to create a specially crafted request that would execute arbitrary
|
13
|
+
script code in a user's browser session within the trust relationship between
|
14
|
+
their browser and the server.
|
15
|
+
cvss_v2: 4.3
|
16
|
+
patched_versions:
|
17
|
+
- ">= 4.3.0"
|
18
|
+
related:
|
19
|
+
url:
|
20
|
+
- https://github.com/jgarber/redcloth/commit/2f6dab4d6aea5cee778d2f37a135637fe3f1573c
|
21
|
+
- http://co3k.org/blog/redcloth-unfixed-xss-en
|
@@ -0,0 +1,13 @@
|
|
1
|
+
---
|
2
|
+
gem: VladTheEnterprising
|
3
|
+
cve: 2014-4995
|
4
|
+
osvdb: 108728
|
5
|
+
url: https://nvd.nist.gov/vuln/detail/CVE-2014-4995
|
6
|
+
title: VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact
|
7
|
+
date: 2014-06-30
|
8
|
+
description: |
|
9
|
+
VladTheEnterprising Gem for Ruby contains a flaw as the program creates
|
10
|
+
temporary files insecurely. It is possible for a local attacker to use
|
11
|
+
a symlink attack against the /tmp/my.cnf.#{target_host} file they can
|
12
|
+
overwrite arbitrary files, gain access to the MySQL root password,
|
13
|
+
or inject arbitrary commands.
|
@@ -0,0 +1,13 @@
|
|
1
|
+
---
|
2
|
+
gem: VladTheEnterprising
|
3
|
+
cve: 2014-4996
|
4
|
+
osvdb: 108728
|
5
|
+
url: https://nvd.nist.gov/vuln/detail/CVE-2014-4996
|
6
|
+
title: VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact
|
7
|
+
date: 2014-06-30
|
8
|
+
description: |
|
9
|
+
VladTheEnterprising Gem for Ruby contains a flaw as the program creates
|
10
|
+
temporary files insecurely. It is possible for a local attacker to use
|
11
|
+
a symlink attack against the /tmp/my.cnf.#{target_host} file they can
|
12
|
+
overwrite arbitrary files, gain access to the MySQL root password,
|
13
|
+
or inject arbitrary commands.
|
@@ -0,0 +1,17 @@
|
|
1
|
+
---
|
2
|
+
gem: actionmailer
|
3
|
+
cve: 2013-4389
|
4
|
+
osvdb: 98629
|
5
|
+
url: https://nvd.nist.gov/vuln/detail/CVE-2013-4389
|
6
|
+
title: Action Mailer Gem for Ruby contains a possible DoS Vulnerability
|
7
|
+
date: 2013-10-16
|
8
|
+
description: Action Mailer Gem for Ruby contains a format string flaw in
|
9
|
+
the Log Subscriber component. The issue is triggered as format string
|
10
|
+
specifiers (e.g. %s and %x) are not properly sanitized in user-supplied
|
11
|
+
input when handling email addresses. This may allow a remote attacker
|
12
|
+
to cause a denial of service
|
13
|
+
cvss_v2: 4.3
|
14
|
+
unaffected_versions:
|
15
|
+
- ~> 2.3.2
|
16
|
+
patched_versions:
|
17
|
+
- '>= 3.2.15'
|
@@ -0,0 +1,40 @@
|
|
1
|
+
---
|
2
|
+
gem: actionpack-page_caching
|
3
|
+
cve: 2020-8159
|
4
|
+
url: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
|
5
|
+
date: 2020-05-06
|
6
|
+
title: Arbitrary file write/potential remote code execution in actionpack-page_caching
|
7
|
+
description: |
|
8
|
+
There is a vulnerability in the actionpack-page_caching gem that allows an attacker
|
9
|
+
to write arbitrary files to a web server, potentially resulting in remote code execution
|
10
|
+
if the attacker can write unescaped ERB to a view.
|
11
|
+
|
12
|
+
Versions Affected: All versions of actionpack-page_caching (part of Rails prior to Rails 4.0)
|
13
|
+
Not affected: Applications not using actionpack-page_caching
|
14
|
+
Fixed Versions: actionpack-page_caching >= 1.2.1
|
15
|
+
|
16
|
+
Impact
|
17
|
+
------
|
18
|
+
|
19
|
+
The Action Pack Page Caching gem writes cache files to the file system in
|
20
|
+
order for the front end webserver (nginx, Apache, etc) to serve the cached
|
21
|
+
file without making a request to the application server. Paths contain what
|
22
|
+
is effectively user input can be used to manipulate the location of the cache
|
23
|
+
file.
|
24
|
+
|
25
|
+
For example "/users/123" could be changed to "/users/../../../foo" and this
|
26
|
+
will escape the cache directory. Attackers can use this technique to
|
27
|
+
springboard to an RCE if they can write arbitrary ERb to a view folder.
|
28
|
+
|
29
|
+
Impacted code looks like this:
|
30
|
+
|
31
|
+
```
|
32
|
+
class BooksController < ApplicationController
|
33
|
+
caches_page :show
|
34
|
+
end
|
35
|
+
```
|
36
|
+
|
37
|
+
Where the `show` action of the `BooksController` may be vulnerable.
|
38
|
+
|
39
|
+
patched_versions:
|
40
|
+
- ">= 1.2.1"
|