diff --git a/gems/blockchain_wallet/CVE-2019-15224.yml b/gems/blockchain_wallet/CVE-2019-15224.yml
index 6f37b3fb40..d413438c75 100644
--- a/gems/blockchain_wallet/CVE-2019-15224.yml
+++ b/gems/blockchain_wallet/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: blockchain_wallet
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 title: Code execution backdoor in blockchain_wallet
 date: 2019-08-20
 description: |
diff --git a/gems/bundler/CVE-2020-36327.yml b/gems/bundler/CVE-2020-36327.yml
index 54db49f45f..525e50ccf1 100644
--- a/gems/bundler/CVE-2020-36327.yml
+++ b/gems/bundler/CVE-2020-36327.yml
@@ -3,7 +3,7 @@ gem: bundler
 cve: 2020-36327
 ghsa: fp4w-jxhp-m23p
 date: 2020-09-30
-url: https://github.com/rubygems/rubygems/issues/3982
+url: https://github.com/advisories/GHSA-fp4w-jxhp-m23p
 title: Dependency Confusion in Bundler with Implicit Private Dependencies
 description: |
 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a
@@ -28,3 +28,4 @@ related:
 - https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/
 - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24105
 - https://github.com/rubygems/rubygems/pull/4609
+ - https://github.com/advisories/GHSA-fp4w-jxhp-m23p
diff --git a/gems/capistrano-colors/CVE-2019-15224.yml b/gems/capistrano-colors/CVE-2019-15224.yml
index 1df4e96021..cba66359ec 100644
--- a/gems/capistrano-colors/CVE-2019-15224.yml
+++ b/gems/capistrano-colors/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: capistrano-colors
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 title: Code execution backdoor in capistrano-colors
 date: 2019-08-20
 description: |
diff --git a/gems/coin_base/CVE-2019-15224.yml b/gems/coin_base/CVE-2019-15224.yml
index d325627cf9..1ae55b43d8 100644
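Review bot: The removed `url` value `https://github.com/rubygems.org/issues/2097` looks malformed — it has a single path segment before `issues/`, where a GitHub issue link needs `owner/repo` — so swapping in the GHSA link repairs a dead reference, but the incident ticket itself is dropped rather than carried over. If that rubygems.org issue is the primary write-up of the backdoored gems, consider keeping a corrected form under `related:` the way the devise files in this commit do, e.g. `related:` / `  url:` / `    - https://github.com/rubygems/rubygems.org/issues/2097` (the repository is presumably `rubygems/rubygems.org`; verify before committing). Whether this file already has a `related:` block is not visible in the hunk. The same substitution is repeated for the other CVE-2019-15224 entries in this commit, so the decision should be applied uniformly.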
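Review bot: The line appended to `related:` in the second hunk is byte-identical to the new `url:` value set in the first hunk (`https://github.com/advisories/GHSA-fp4w-jxhp-m23p`), while the upstream tracking issue `https://github.com/rubygems/rubygems/issues/3982` that the entry used to point at is no longer referenced anywhere the hunks show. That issue is the upstream discussion the advisory previously cited, so it is the more useful cross-reference for someone triaging the 2.2.10 / 2.2.18 version boundaries in the description. Suggest `  - https://github.com/rubygems/rubygems/issues/3982` in place of, or alongside, the duplicated GHSA link. Lines 10–27 of the file are outside both hunks, so an existing mention there cannot be ruled out.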
--- a/gems/coin_base/CVE-2019-15224.yml
+++ b/gems/coin_base/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: coin_base
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 title: Code execution backdoor in coin_base
 date: 2019-08-20
 description: |
diff --git a/gems/coming-soon/CVE-2019-15224.yml b/gems/coming-soon/CVE-2019-15224.yml
index 8b6a4a35e0..ef9d98c9ba 100644
--- a/gems/coming-soon/CVE-2019-15224.yml
+++ b/gems/coming-soon/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: coming-soon
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 title: Code execution backdoor in coming-soon
 date: 2019-08-20
 description: |
diff --git a/gems/cron_parser/CVE-2019-15224.yml b/gems/cron_parser/CVE-2019-15224.yml
index c6af6940a2..66f54e1a9e 100644
--- a/gems/cron_parser/CVE-2019-15224.yml
+++ b/gems/cron_parser/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: cron_parser
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 title: Code execution backdoor in cron_parser
 date: 2019-08-20
 description: |
diff --git a/gems/devise/CVE-2019-16109.yml b/gems/devise/CVE-2019-16109.yml
index dc71e1f2a5..ed0b061880 100644
--- a/gems/devise/CVE-2019-16109.yml
+++ b/gems/devise/CVE-2019-16109.yml
@@ -2,7 +2,7 @@
 gem: devise
 cve: 2019-16109
 ghsa: fcjw-8rhj-gwwc
-url: https://github.com/plataformatec/devise/issues/5071
+url: https://github.com/advisories/GHSA-fcjw-8rhj-gwwc
 title: Devise Gem for Ruby confirmation token validation with a blank string
 date: 2019-09-08
 description: |
@@ -12,3 +12,8 @@ description: |
 cvss_v3: 5.3
 patched_versions:
 - ">= 4.7.1"
+related:
+ url:
+ - https://github.com/heartcombo/devise/blob/v4.7.1/CHANGELOG.md
+ - https://github.com/heartcombo/devise/pull/5132
+ - https://github.com/heartcombo/devise/issues/5071
diff --git a/gems/devise/CVE-2019-5421.yml b/gems/devise/CVE-2019-5421.yml
index aa5c38c67e..82c71cb1f6 100644
--- a/gems/devise/CVE-2019-5421.yml
+++ b/gems/devise/CVE-2019-5421.yml
@@ -2,7 +2,7 @@
 gem: devise
 cve: 2019-5421
 ghsa: 73rf-6mrf-759q
-url: https://github.com/plataformatec/devise/issues/4981
+url: https://github.com/advisories/GHSA-73rf-6mrf-759q
 title: Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
 date: 2019-02-07
@@ -14,3 +14,6 @@ cvss_v2: 7.5
 cvss_v3: 9.8
 patched_versions:
 - ">= 4.6.0"
+related:
+ url:
+ - https://github.com/heartcombo/devise/issues/4981
diff --git a/gems/doge-coin/CVE-2019-15224.yml b/gems/doge-coin/CVE-2019-15224.yml
index 621f7003c3..29f3823fbc 100644
--- a/gems/doge-coin/CVE-2019-15224.yml
+++ b/gems/doge-coin/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: doge-coin
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 title: Code execution backdoor in doge-coin
 date: 2019-08-20
 description: |
diff --git a/gems/lita_coin/CVE-2019-15224.yml b/gems/lita_coin/CVE-2019-15224.yml
index 448969a7bd..24102708db 100644
--- a/gems/lita_coin/CVE-2019-15224.yml
+++ b/gems/lita_coin/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: lita_coin
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 date: 2019-08-20
 title: Code execution backdoor in lita_coin
 description: |
diff --git a/gems/logstash/CVE-2014-4326.yml b/gems/logstash/CVE-2014-4326.yml
index 0164cdcba3..314223e567 100644
--- a/gems/logstash/CVE-2014-4326.yml
+++ b/gems/logstash/CVE-2014-4326.yml
@@ -2,7 +2,7 @@
 gem: logstash
 cve: 2014-4326
 ghsa: 8qhq-rq4j-8prj
-url: https://www.elastic.co/community/security
+url: https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
 title: Elasticsearch Logstash allows remote attackers to execute arbitrary commands
 date: 2022-05-14
 description: |
@@ -17,7 +17,6 @@ patched_versions:
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2014-4326
- - https://www.elastic.co/community/security
 - https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
 - https://web.archive.org/web/20201207013408/http://www.securityfocus.com/archive/1/532841/100/0/threaded
 - https://github.com/advisories/GHSA-8qhq-rq4j-8prj
diff --git a/gems/mini_magick/CVE-2019-13574.yml b/gems/mini_magick/CVE-2019-13574.yml
index 8f109e7641..94405a2f76 100644
--- a/gems/mini_magick/CVE-2019-13574.yml
+++ b/gems/mini_magick/CVE-2019-13574.yml
@@ -2,7 +2,7 @@
 gem: mini_magick
 cve: 2019-13574
 ghsa: r7j3-vvh2-xrpj
-url: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/
+url: https://github.com/advisories/GHSA-r7j3-vvh2-xrpj
 title: Remote command execution via filename
 date: 2019-07-12
 description: |
diff --git a/gems/omniauth_amazon/CVE-2019-15224.yml b/gems/omniauth_amazon/CVE-2019-15224.yml
index 04ee4cef73..0d832187bb 100644
--- a/gems/omniauth_amazon/CVE-2019-15224.yml
+++ b/gems/omniauth_amazon/CVE-2019-15224.yml
@@ -2,7 +2,7 @@
 gem: omniauth_amazon
 cve: 2019-15224
 ghsa: 333g-rpr4-7hxq
-url: https://github.com/rubygems.org/issues/2097
+url: https://github.com/advisories/GHSA-333g-rpr4-7hxq
 title: Code execution backdoor in omniauth_amazon
 date: 2019-08-20
 description: |
diff --git a/gems/passenger/CVE-2018-12026.yml b/gems/passenger/CVE-2018-12026.yml
index eb5583a9e8..02934cdcd7 100644
--- a/gems/passenger/CVE-2018-12026.yml
+++ b/gems/passenger/CVE-2018-12026.yml
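Review bot: `date: 2022-05-14` on the new side sits next to a primary `url` that is an archived 2014 release post for a 2014 CVE, so if `date` is the disclosure date — which is how the other entries in this commit use it (`2019-08-20` for the 2019 backdoors, `2018-06-12` matching the Passenger 5.3.2 post) — this value is off by roughly eight years and will mis-order the advisory for anyone sorting or filtering by date. Suggest setting `date` to the original disclosure date; the archive snapshot timestamp `20140804031140` bounds the post to mid-2014 at the latest, but the exact day cannot be pinned from the hunk. Separately, the new `url` value is byte-identical to the third `related` entry in the second hunk, so one of the two is redundant; if the primary `url` is meant to be a stable reference, the NVD or GHSA link already listed under `related` would be less fragile than a Wayback snapshot.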
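Review bot: The replaced `url` in the mini_magick hunk was the researcher's original write-up (`https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/`), and the hunk drops it rather than moving it to `related:`, so the entry now cites only the GitHub aggregator. For a command-injection advisory the primary source is typically where the affected code path and reproduction are documented, so it is worth preserving; suggest `related:` / `  url:` / `    - https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/`, unless the file already lists it further down (not visible in this hunk).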
@@ -2,7 +2,7 @@
 gem: passenger
 cve: 2018-12026
 ghsa: 7cv3-gvmc-8mq5
-url: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
+url: https://github.com/advisories/GHSA-7cv3-gvmc-8mq5
 title: SpawningKit exploits
 date: 2018-06-12
 description: |
diff --git a/gems/passenger/CVE-2018-12029.yml b/gems/passenger/CVE-2018-12029.yml
index 8b61fb46e5..4152aaf357 100644
--- a/gems/passenger/CVE-2018-12029.yml
+++ b/gems/passenger/CVE-2018-12029.yml
@@ -2,7 +2,7 @@
 gem: passenger
 cve: 2018-12029
 ghsa: jjcj-fgfm-9g9r
-url: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
+url: https://github.com/advisories/GHSA-jjcj-fgfm-9g9r
 title: CHMOD race vulnerability
 date: 2018-06-12
 description: |
diff --git a/gems/spree/CVE-2010-3978.yml b/gems/spree/CVE-2010-3978.yml
index 769b27ea5f..23ee17d103 100644
--- a/gems/spree/CVE-2010-3978.yml
+++ b/gems/spree/CVE-2010-3978.yml
@@ -3,7 +3,7 @@ gem: spree
 cve: 2010-3978
 osvdb: 69098
 ghsa: hwrx-wc75-mgh7
-url: https://spreecommerce.com/blog/json-hijacking-vulnerability
+url: https://github.com/advisories/GHSA-hwrx-wc75-mgh7
 title: Spree Multiple Script JSON Request Validation Weakness Remote Information Disclosure
diff --git a/rubies/jruby/CVE-2010-1330.yml b/rubies/jruby/CVE-2010-1330.yml
index 79a6aa92bc..b1c43e897d 100644
--- a/rubies/jruby/CVE-2010-1330.yml
+++ b/rubies/jruby/CVE-2010-1330.yml
@@ -2,7 +2,7 @@
 engine: jruby
 cve: 2010-1330
 osvdb: 77297
-url: http://jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability
+url: https://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability
 title: 'CVE-2010-1330 jruby: XSS in the regular expression engine when processing invalid UTF-8 byte sequences'
 date: 2010-04-26
diff --git a/rubies/jruby/CVE-2011-4838.yml b/rubies/jruby/CVE-2011-4838.yml
index 9e6182f3e6..5773320baa 100644
--- a/rubies/jruby/CVE-2011-4838.yml
+++ b/rubies/jruby/CVE-2011-4838.yml
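Review bot: The vendor advisory `https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/` is removed from `url` without being re-added under `related:`, and the same removal is made for CVE-2018-12029 in the next hunk, so both Passenger entries lose the upstream source in favour of the GHSA mirror. The GHSA text is derived from that post, not the other way round, so the primary reference should survive the re-pointing. Suggest carrying it over in both files as `related:` / `  url:` / `    - https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/`, if a `related:` block further down does not already contain it (the rest of each file is outside the hunks).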
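Review bot: The spree hunk drops the vendor write-up `https://spreecommerce.com/blog/json-hijacking-vulnerability` outright instead of demoting it to `related:`, leaving the GHSA as the only reference for a 2010 issue whose GitHub advisory was almost certainly back-filled later from exactly this kind of source. Suggest `related:` / `  url:` / `    - https://spreecommerce.com/blog/json-hijacking-vulnerability` (or an archive.org snapshot of it, as the logstash entry in this commit does for a dead vendor page), unless the file already carries it below the hunk. The `title` value on the new side appears to span more than one physical line in the original file; that is legal YAML for a plain scalar but is worth collapsing or folding with `>-` so the advisory title is greppable on one line.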
@@ -2,7 +2,7 @@
 engine: jruby
 cve: 2011-4838
 osvdb: 78116
-url: http://jruby.org/2011/12/27/jruby-1-6-5-1
+url: https://www.jruby.org/2011/12/27/jruby-1-6-5-1
 title: "CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)"
 date: 2011-12-27
 description: |
diff --git a/rubies/jruby/CVE-2012-5370.yml b/rubies/jruby/CVE-2012-5370.yml
index 422ffc8a5e..949f2d9135 100644
--- a/rubies/jruby/CVE-2012-5370.yml
+++ b/rubies/jruby/CVE-2012-5370.yml
@@ -2,7 +2,7 @@
 engine: jruby
 cve: 2012-5370
 osvdb: 87864
-url: http://jruby.org/2012/12/03/jruby-1-7-1
+url: https://www.jruby.org/2012/12/03/jruby-1-7-1
 title: "CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)"
 date: 2012-11-23
 description: |