Sync with GitHub Security Advisories
* Add asciidoctor/CVE-2018-18385 camaleon_cms/CVE-2018-18260 camaleon_cms/CVE-2021-25969
  camaleon_cms/CVE-2021-25970 camaleon_cms/CVE-2021-25971 camaleon_cms/CVE-2021-25972
  ccsv/CVE-2017-15364 commonmarker/GHSA-636f-xm5j-pj9m fluentd/CVE-2017-10906
  git/CVE-2022-47318 gitaly/CVE-2020-13353 hammer_cli_foreman/CVE-2017-2667 katello/CVE-2016-3072
  katello/CVE-2017-2662 katello/CVE-2018-14623 katello/CVE-2018-16887
  mixlib-archive/CVE-2017-1000026 omniauth-weibo-oauth2/CVE-2019-17268 papercrop/CVE-2015-2784
  publify_core/CVE-2023-0569 sanitize/CVE-2023-23627 smalruby-editor/CVE-2017-2096
  smalruby/CVE-2017-2096 smashing/CVE-2021-35440 xapian-core/CVE-2018-0499

* Add missing metadata to the following:
  administrate/CVE-2016-3098 clockwork_web/CVE-2023-25015 curupira/CVE-2015-10053
  devise/CVE-2015-8314 jquery-ui-rails/CVE-2016-7103 xaviershay-dm-rails/CVE-2015-2179
reedloden committed Feb 11, 2023
1 parent 8207385 commit 38305c6
Showing 31 changed files with 506 additions and 12 deletions.
14 changes: 8 additions & 6 deletions gems/administrate/CVE-2016-3098.yml
@@ -1,12 +1,14 @@
---
gem: administrate
cve: 2016-3098
ghsa: cc8c-26rj-v2vx
url: http://seclists.org/oss-sec/2016/q2/0
title: Cross-site request forgery (CSRF) vulnerability in administrate gem
date: 2016-04-01
url: http://seclists.org/oss-sec/2016/q2/0
description: >-
`Administrate::ApplicationController` actions didn't have CSRF
protection. Remote attackers can hijack user's sessions and use any
functionality that administrate exposes on their behalf.
description: |
"`Administrate::ApplicationController` actions didn't have CSRF protection.
Remote attackers can hijack user's sessions and use any functionality that administrate
exposes on their behalf."
cvss_v3: 5.4
patched_versions:
- '>= 0.1.5'
- ">= 0.1.5"
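Review bot: the rewritten `description: |` block wraps the text in literal double quotes (`"`Administrate::ApplicationController` ... behalf."`); inside a block scalar those quotes are not YAML syntax but part of the string, so the rendered description will start and end with a stray `"`. Drop the surrounding quotes, as every other `|` description in this commit does. Switching from `>-` to `|` is otherwise fine, it just preserves the line breaks verbatim.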
17 changes: 17 additions & 0 deletions gems/asciidoctor/CVE-2018-18385.yml
@@ -0,0 +1,17 @@
---
gem: asciidoctor
cve: 2018-18385
ghsa: qc9p-mjxm-j2wj
url: https://github.com/asciidoctor/asciidoctor/issues/2888
title: Asciidoctor Infinite Loop vulnerability
date: 2022-05-13
description: |
Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial
of service (infinite loop). The loop was caused by the fact that `Parser.next_block`
was not exhausting all the lines in the reader as the while loop expected it would.
This was happening because the regular expression that detects any list was not
agreeing with the regular expression that detects a specific list type. So the line
kept getting pushed back onto the reader, hence causing the loop.
cvss_v3: 7.5
patched_versions:
- ">= 1.5.8"
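Review bot: `date: 2022-05-13` is the GHSA publication date, not when this 2018 CVE (asciidoctor/asciidoctor#2888, fixed in 1.5.8) was disclosed. The pre-existing entries touched by this commit use the original disclosure date (administrate 2016-04-01, devise 2016-01-18, jquery-ui-rails 2016-08-27), while nearly every new entry here is dated 2022-05-13, 2022-05-14, 2022-05-17 or 2022-05-24. Pick one convention and document it; otherwise anything sorting or filtering advisories by `date` will file 2016-2018 issues under 2022.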
14 changes: 14 additions & 0 deletions gems/camaleon_cms/CVE-2018-18260.yml
@@ -0,0 +1,14 @@
---
gem: camaleon_cms
cve: 2018-18260
ghsa: 7f84-9cqf-g4j9
url: http://packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html
title: Camaleon CMS vulnerable to Stored Cross-site Scripting
date: 2022-05-13
description: |
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The
profile image in the User settings section can be run in the update / upload area
via `/admin/media/upload?actions=false`.
cvss_v3: 6.1
unaffected_versions:
- "< 2.4"
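Review bot: this entry has `unaffected_versions: "< 2.4"` but no `patched_versions`, so every camaleon_cms release from 2.4 onward is reported as vulnerable indefinitely. The linked Packet Storm report covers 2.4 only; it shows 2.4 is affected, not that 2.3 and earlier are clean, nor that later releases still carry the stored XSS. If a fix shipped, add `patched_versions`; if it never did, state that in the description, and drop the `< 2.4` range unless it was actually verified.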
20 changes: 20 additions & 0 deletions gems/camaleon_cms/CVE-2021-25969.yml
@@ -0,0 +1,20 @@
---
gem: camaleon_cms
cve: 2021-25969
ghsa: x78v-4fvj-rg9j
url: https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c
title: Camaleon CMS Stored Cross-site Scripting vulnerability
date: 2022-05-24
description: |
In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable
to stored XSS, that allows unprivileged application users to store malicious scripts
in the comments section of the post. These scripts are executed in a victim’s browser
when they open the page containing the malicious comment.
cvss_v3: 6.1
unaffected_versions:
- "< 0.0.1"
patched_versions:
- ">= 2.6.0.1"
related:
url:
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969
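Review bot: `unaffected_versions: "< 0.0.1"` matches no possible release (nothing exists below 0.0.1) and only restates the description's "0.0.1 through 2.6.0"; drop it and keep `patched_versions: ">= 2.6.0.1"` alone, which already expresses the same range.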
20 changes: 20 additions & 0 deletions gems/camaleon_cms/CVE-2021-25970.yml
@@ -0,0 +1,20 @@
---
gem: camaleon_cms
cve: 2021-25970
ghsa: 438x-2p9v-g8h9
url: https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
title: Camaleon CMS Insufficient Session Expiration vulnerability
date: 2022-05-24
description: |
Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session
of the users, even after the admin changes the user’s password. A user that was
already logged in, will still have access to the application even after the password
was changed.
cvss_v3: 8.8
unaffected_versions:
- "< 0.1.7"
patched_versions:
- ">= 2.6.0.1"
related:
url:
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
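Review bot: the description carries typographic apostrophes (`doesn’t`, `user’s`) pasted from the upstream text, and the CVE-2021-25969 entry above has curly quotes (“Camaleon CMS”) and `victim’s`; the other entries added here use plain ASCII, so normalize to `'` and `"` to keep grep and diff tooling predictable. The version data itself is consistent: "0.1.7 through 2.6.0" matches `< 0.1.7` unaffected and `>= 2.6.0.1` patched.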
19 changes: 19 additions & 0 deletions gems/camaleon_cms/CVE-2021-25971.yml
@@ -0,0 +1,19 @@
---
gem: camaleon_cms
cve: 2021-25971
ghsa: r2w2-h6r8-3r53
url: https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2
title: Camaleon CMS vulnerable to Uncaught Exception
date: 2022-05-24
description: |
In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught
Exception. The app's media upload feature crashes permanently when an attacker with
a low privileged access uploads a specially crafted .svg file.
cvss_v3: 4.3
unaffected_versions:
- "< 2.0.1"
patched_versions:
- ">= 2.6.0.1"
related:
url:
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971
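Review bot: the title names the weakness ("Uncaught Exception") but not the effect; the description says the media upload feature "crashes permanently" on a crafted .svg from a low-privileged user, which is a persistent denial of service. Consider a title along the lines of "Denial of Service via crafted SVG upload" so a reader scanning titles sees the impact, as they do for the SSRF and Stored XSS siblings.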
21 changes: 21 additions & 0 deletions gems/camaleon_cms/CVE-2021-25972.yml
@@ -0,0 +1,21 @@
---
gem: camaleon_cms
cve: 2021-25972
ghsa: vx6p-q4gj-x6xx
url: https://github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190
title: Camaleon CMS vulnerable to Server-Side Request Forgery
date: 2022-05-24
description: |
In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side
Request Forgery (SSRF) in the media upload feature, which allows admin users to
fetch media files from external URLs but fails to validate URLs referencing to localhost
or other internal servers. This allows attackers to read files stored in the internal
server.
cvss_v3: 4.9
unaffected_versions:
- "< 2.1.2.0"
patched_versions:
- ">= 2.6.0.1"
related:
url:
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972
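Review bot: the last sentence, "This allows attackers to read files stored in the internal server", drops the precondition stated two sentences earlier: the fetch-from-URL feature is exposed to admin users, so exploiting the SSRF requires an authenticated administrator, which is also why the score is only 4.9. Rephrase to "allows an authenticated admin user to ..." so severity and prose agree; "URLs referencing to localhost" should read "URLs referencing localhost".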
12 changes: 12 additions & 0 deletions gems/ccsv/CVE-2017-15364.yml
@@ -0,0 +1,12 @@
---
gem: ccsv
cve: 2017-15364
ghsa: 5gxp-c379-pj42
url: https://github.com/evan/ccsv/issues/15
title: ccsv Double Free vulnerability
date: 2022-05-17
description: |
The foreach function in `ext/ccsv.c` in Ccsv 1.1.0 allows remote attackers
to cause a denial of service (double free and application crash) or possibly have
unspecified other impact via a crafted file.
cvss_v3: 5.5
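Review bot: there is no `patched_versions` and no `unaffected_versions`, so every ccsv release is reported as vulnerable, including anything released after 1.1.0. That is correct only if no fixed release exists; the linked issue (evan/ccsv#15) is where that should be confirmed, and if the gem is unmaintained the description should say so, otherwise users get an advisory with no upgrade path and no way to close it.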
2 changes: 2 additions & 0 deletions gems/clockwork_web/CVE-2023-25015.yml
@@ -1,6 +1,7 @@
---
gem: clockwork_web
cve: 2023-25015
ghsa: p4xx-w6fr-c4w9
url: https://github.com/ankane/clockwork_web/issues/4
title: CSRF Vulnerability with Rails < 5.2
date: 2023-02-01
@@ -10,5 +11,6 @@ description: |
A CSRF attack works by getting an authorized user to visit a malicious website and
then performing requests on behalf of the user. In this instance, actions include
enabling and disabling jobs.
cvss_v3: 6.5
patched_versions:
- ">= 0.1.2"
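Review bot: `cvss_v3: 6.5` is added without touching the version ranges, which is fine. One thing to double-check: the title "CSRF Vulnerability with Rails < 5.2" reads as if the flaw is conditional on the host Rails version, yet `patched_versions: ">= 0.1.2"` flags every older clockwork_web regardless of Rails. If the gem is only exposed when the host app does not have Rails' request forgery protection enabled, the description should say so explicitly so users on newer Rails can triage.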
38 changes: 38 additions & 0 deletions gems/commonmarker/GHSA-636f-xm5j-pj9m.yml
@@ -0,0 +1,38 @@
---
gem: commonmarker
ghsa: 636f-xm5j-pj9m
url: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-636f-xm5j-pj9m
title: Several quadratic complexity bugs may lead to denial of service in Commonmarker
date: 2023-01-24
description: |-
## Impact
Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm)
library may lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
* [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c)
* [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r)
* [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr)
* [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p)
For more information, consult the release notes for version
[`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7).
## Mitigation
Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7).
patched_versions:
- ">= 0.23.7"
related:
cve:
- 2023-22483
- 2023-22484
- 2023-22485
- 2023-22486
ghsa:
- 29g3-96g3-jg6c
- 24f7-9frr-5h2r
- c944-cv5f-hpvr
- r572-jvj2-3m8p
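Review bot: in the description the link text `0.23.0.gfm.7` does not match its own target, the cmark-gfm tag `0.29.0.gfm.7`, and a reader will confuse it with the commonmarker version `0.23.7` named one line later. The text is copied verbatim from the upstream GHSA, so either correct it to `0.29.0.gfm.7` or keep it verbatim knowingly. Separately, unlike the other entries in this commit this file sets no `cvss_v3`, even though it aggregates four CVEs; add a score if one is published for the GHSA.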
1 change: 1 addition & 0 deletions gems/curupira/CVE-2015-10053.yml
@@ -14,6 +14,7 @@ description: |
93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the
affected component. VDB-218394 is the identifier assigned to this
vulnerability.
cvss_v3: 9.8
patched_versions:
- ">= 0.1.4"
related:
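Review bot: `cvss_v3: 9.8` is added next to a description that cites VDB-218394, a VulDB identifier; the schema has a single `cvss_v3` field with no source attribution, and scores from different sources do not always agree, so note where this 9.8 came from (a `related` URL or a sentence in the description) so it can be reconciled later if a different published score appears.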
3 changes: 2 additions & 1 deletion gems/devise/CVE-2015-8314.yml
@@ -1,6 +1,7 @@
---
gem: devise
cve: 2015-8314
ghsa: 746g-3gfp-hfhw
url: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
date: 2016-01-18
@@ -11,4 +12,4 @@ description: |
the password frequently, the cookie can be used to gain access to the
application indefinitely.
patched_versions:
- '>= 3.5.4'
- ">= 3.5.4"
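Review bot: this hunk only adds `ghsa:` and normalizes quote style. The commit message says it adds "missing metadata", and the other pre-existing entries touched here (administrate, clockwork_web, curupira) gain a `cvss_v3`, but this one still has none; if a score exists for CVE-2015-8314 add it in the same pass, and if the omission is deliberate because none is published, fine.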
21 changes: 21 additions & 0 deletions gems/fluentd/CVE-2017-10906.yml
@@ -0,0 +1,21 @@
---
gem: fluentd
cve: 2017-10906
ghsa: 5jrp-w8fr-mrww
url: https://github.com/fluent/fluentd/pull/1733
title: Fluentd Escape Sequence Injection Vulnerability
date: 2022-05-13
description: |
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through
0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands
on the device via unspecified vectors.
cvss_v3: 9.8
unaffected_versions:
- "< 0.12.29"
patched_versions:
- ">= 0.12.41"
related:
url:
- https://access.redhat.com/errata/RHSA-2018:2225
- https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
- https://jvn.jp/en/vu/JVNVU95124098/index.html
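Review bot: `unaffected_versions: "< 0.12.29"` together with `patched_versions: ">= 0.12.41"` marks every version series above 0.12 as patched, while the description only speaks to 0.12.29 through 0.12.40. If a parallel release series shared the affected code, `>= 0.12.41` would hide it; confirm against the JVN advisory under `related`, and if the bug really was confined to 0.12.x, say so in the description so the open-ended range is clearly intentional.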
18 changes: 18 additions & 0 deletions gems/git/CVE-2022-47318.yml
@@ -0,0 +1,18 @@
---
gem: git
cve: 2022-47318
ghsa: pphf-gfrm-v32r
url: https://github.com/ruby-git/ruby-git/pull/602
title: Code injection in ruby git
date: 2023-01-17
description: |
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker
to execute an arbitrary ruby code by having a user to load a repository containing
a specially crafted filename to the product. This vulnerability is different from
CVE-2022-46648.
cvss_v3: 8.0
patched_versions:
- ">= 1.13.0"
related:
url:
- https://jvn.jp/en/jp/JVN16765254/index.html
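Review bot: the description explicitly distinguishes this issue from CVE-2022-46648, but that CVE is not listed under `related: cve:`; the `related` block carries only the JVN URL. Cross-link it so users who see two advisories against the same `git` gem versions understand that two separate fixes are involved. Also, the title says "ruby git" while the gem field is `git`; "ruby-git", the project name in `url`, would be clearer.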
21 changes: 21 additions & 0 deletions gems/gitaly/CVE-2020-13353.yml
@@ -0,0 +1,21 @@
---
gem: gitaly
cve: 2020-13353
ghsa: mmmm-chjf-jmvw
url: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json
title: Gitaly Insufficient Session Expiration vulnerability
date: 2022-05-24
description: |
When importing repos via URL, one time use git credentials were persisted
beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are:
>=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
cvss_v3: 3.2
unaffected_versions:
- "< 1.79.0"
patched_versions:
- "~> 13.3.9"
- "~> 13.4.5"
- ">= 13.5.2"
related:
url:
- https://gitlab.com/gitlab-org/gitaly/-/issues/2882
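Review bot: the description ("importing repos via URL", credentials persisted on the server) describes a Gitaly server flaw; if the `gitaly` gem on RubyGems contains none of that code and is only the client library versioned in step with GitLab, flagging gem versions produces bundler-audit findings gem users cannot act on. State in the description whether the gem itself is affected or only serves as the version marker. The ranges themselves are right: `~> 13.3.9`, `~> 13.4.5` and `>= 13.5.2` leave `>= 1.79.0, < 13.3.9` and `13.4.0 through 13.4.4` flagged, matching the description.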
20 changes: 20 additions & 0 deletions gems/hammer_cli_foreman/CVE-2017-2667.yml
@@ -0,0 +1,20 @@
---
gem: hammer_cli_foreman
cve: 2017-2667
ghsa: 77h8-xr85-3x5q
url: https://access.redhat.com/errata/RHSA-2018:0336
title: hammer_cli_foreman Improper Certificate Validation vulnerability
date: 2022-05-13
description: |
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not
explicitly set the verify_ssl flag for apipie-bindings that disable it by default.
As a result the server certificates are not checked and connections are prone to
man-in-the-middle attacks.
cvss_v3: 8.1
patched_versions:
- ">= 0.10.0"
related:
url:
- https://bugzilla.redhat.com/show_bug.cgi?id=1436262
- http://projects.theforeman.org/issues/19033
- http://www.securityfocus.com/bid/97153
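Review bot: `related.url` includes a bare http://www.securityfocus.com/bid/97153 link; the katello CVE-2018-14623 entry in this same commit uses a web.archive.org snapshot for its SecurityFocus BID link, so do the same here for consistency and so the link resolves. The other two references (Red Hat bugzilla, Foreman issue 19033) are the substantive ones and are fine.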
6 changes: 3 additions & 3 deletions gems/jquery-ui-rails/CVE-2016-7103.yml
@@ -2,18 +2,18 @@
gem: jquery-ui-rails
framework: rails
cve: 2016-7103
date: 2016-08-27
ghsa: hpcf-8vf9-q4gj
url: https://github.com/jquery/api.jqueryui.com/issues/281
title: XSS Vulnerability on closeText option of Dialog jQuery UI
date: 2016-08-27
description: |
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might
allow remote attackers to inject arbitrary web script or HTML via the
closeText parameter of the dialog function.
cvss_v2: 4.3
cvss_v3: 6.1
patched_versions:
- '>= 6.0.0'

- ">= 6.0.0"
related:
url:
- https://github.com/jquery/jquery-ui/pull/1635
20 changes: 20 additions & 0 deletions gems/katello/CVE-2016-3072.yml
@@ -0,0 +1,20 @@
---
gem: katello
cve: 2016-3072
ghsa: 527r-mfmj-prqf
url: https://github.com/Katello/katello/pull/6051
title: Katello SQL Injection vulnerabilities
date: 2022-05-14
description: |
Multiple SQL injection vulnerabilities in the scoped_search function
in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated
users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
cvss_v3: 8.8
patched_versions:
- ">= 2.4.3"
related:
url:
- https://access.redhat.com/errata/RHSA-2016:1083
- https://bugzilla.redhat.com/show_bug.cgi?id=1322050
- https://github.com/Katello/katello/commit/5645ed4365980a34e30a9c57fe0793dff729e8e4
- https://access.redhat.com/security/cve/CVE-2016-3072
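Review bot: the CVE-2018-14623 entry added in this same commit describes itself as the result of "an incomplete fix for CVE-2016-3072" and lists this entry's GHSA (527r-mfmj-prqf) under `related`, but the link is one-directional. Add `related: cve: [2018-14623]` and `ghsa: [jx5v-788g-qw58]` here so someone who upgraded to `>= 2.4.3` on the strength of this entry is pointed at the follow-up.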
20 changes: 20 additions & 0 deletions gems/katello/CVE-2017-2662.yml
@@ -0,0 +1,20 @@
---
gem: katello
cve: 2017-2662
ghsa: cpv6-pfq6-j2v7
url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
title: katello Improper Privilege Management vulnerability
date: 2022-05-13
description: |
A flaw was found in Foreman's katello plugin version 3.4.5. After setting
a new role to allow restricted access on a repository with a filter (filter set
on the Product Name), the filter is not respected when the actions are done via
hammer using the repository id.
cvss_v3: 4.3
patched_versions:
- ">= 3.17.0.rc1"
related:
url:
- https://projects.theforeman.org/issues/18838
- https://github.com/Katello/katello/pull/8772
- https://github.com/Katello/katello/commit/853260e3e9f94179d5881199e7885d1c08e600f6
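Review bot: the description pins the flaw to "katello plugin version 3.4.5" while `patched_versions` is `>= 3.17.0.rc1`, thirteen minor releases later, with no `unaffected_versions`, so every katello release before 3.17.0.rc1 is flagged. That is plausible if Katello/katello#8772 (commit 853260e...) really only landed in 3.17, but given the spread it is worth confirming the first tagged release that contains the commit. Using a prerelease (`.rc1`) as the floor is fine, just note that tooling ignoring prereleases will treat 3.17.0 as the first safe version.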
18 changes: 18 additions & 0 deletions gems/katello/CVE-2018-14623.yml
@@ -0,0 +1,18 @@
---
gem: katello
cve: 2018-14623
ghsa: jx5v-788g-qw58
url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
title: katello SQL Injection vulnerability
date: 2022-05-13
description: |
A SQL injection flaw was found in katello's errata-related API. An authenticated
remote attacker can craft input data to force a malformed SQL query to the backend
database, which will leak internal IDs. This is issue is related to an incomplete
fix for CVE-2016-3072. Version 3.10 and older is vulnerable.
cvss_v3: 4.3
related:
url:
- https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
ghsa:
- 527r-mfmj-prqf
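Review bot: the description says "Version 3.10 and older is vulnerable", but the entry has neither `patched_versions` nor `unaffected_versions`, so every katello release, including everything after 3.10, is reported vulnerable. Add the first fixed version as `patched_versions` (the Red Hat bugzilla in `url` should identify it); as written the prose and the ranges contradict each other and current versions get false positives. "This is issue is" in the description is also a typo.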