From 38305c67e0b70b1ddc115b0518a6dabedec70a1e Mon Sep 17 00:00:00 2001 
From: Reed Loden Date: Sat, 11 Feb 2023 11:06:09 -0800 Subject: [PATCH] Sync with GitHub Security Advisories * Add asciidoctor/CVE-2018-18385 camaleon_cms/CVE-2018-18260 camaleon_cms/CVE-2021-25969 camaleon_cms/CVE-2021-25970 camaleon_cms/CVE-2021-25971 camaleon_cms/CVE-2021-25972 ccsv/CVE-2017-15364 commonmarker/GHSA-636f-xm5j-pj9m fluentd/CVE-2017-10906 git/CVE-2022-47318 gitaly/CVE-2020-13353 hammer_cli_foreman/CVE-2017-2667 katello/CVE-2016-3072 katello/CVE-2017-2662 katello/CVE-2018-14623 katello/CVE-2018-16887 mixlib-archive/CVE-2017-1000026 omniauth-weibo-oauth2/CVE-2019-17268 papercrop/CVE-2015-2784 publify_core/CVE-2023-0569 sanitize/CVE-2023-23627 smalruby-editor/CVE-2017-2096 smalruby/CVE-2017-2096 smashing/CVE-2021-35440 xapian-core/CVE-2018-0499 * Add missing metadata to following: administrate/CVE-2016-3098 clockwork_web/CVE-2023-25015 curupira/CVE-2015-10053 devise/CVE-2015-8314 jquery-ui-rails/CVE-2016-7103 xaviershay-dm-rails/CVE-2015-2179 --- gems/administrate/CVE-2016-3098.yml | 14 ++++--- gems/asciidoctor/CVE-2018-18385.yml | 17 +++++++++ gems/camaleon_cms/CVE-2018-18260.yml | 14 +++++++ gems/camaleon_cms/CVE-2021-25969.yml | 20 ++++++++++ gems/camaleon_cms/CVE-2021-25970.yml | 20 ++++++++++ gems/camaleon_cms/CVE-2021-25971.yml | 19 ++++++++++ gems/camaleon_cms/CVE-2021-25972.yml | 21 ++++++++++ gems/ccsv/CVE-2017-15364.yml | 12 ++++++ gems/clockwork_web/CVE-2023-25015.yml | 2 + gems/commonmarker/GHSA-636f-xm5j-pj9m.yml | 38 +++++++++++++++++++ gems/curupira/CVE-2015-10053.yml | 1 + gems/devise/CVE-2015-8314.yml | 3 +- gems/fluentd/CVE-2017-10906.yml | 21 ++++++++++ gems/git/CVE-2022-47318.yml | 18 +++++++++ gems/gitaly/CVE-2020-13353.yml | 21 ++++++++++ gems/hammer_cli_foreman/CVE-2017-2667.yml | 20 ++++++++++ gems/jquery-ui-rails/CVE-2016-7103.yml | 6 +-- gems/katello/CVE-2016-3072.yml | 20 ++++++++++ gems/katello/CVE-2017-2662.yml | 20 ++++++++++ gems/katello/CVE-2018-14623.yml | 18 +++++++++ gems/katello/CVE-2018-16887.yml | 20 ++++++++++ 
gems/mixlib-archive/CVE-2017-1000026.yml | 17 +++++++++ gems/omniauth-weibo-oauth2/CVE-2019-17268.yml | 19 ++++++++++ gems/papercrop/CVE-2015-2784.yml | 13 +++++++ gems/publify_core/CVE-2023-0569.yml | 16 ++++++++ gems/sanitize/CVE-2023-23627.yml | 34 +++++++++++++++++ gems/smalruby-editor/CVE-2017-2096.yml | 17 +++++++++ gems/smalruby/CVE-2017-2096.yml | 17 +++++++++ gems/smashing/CVE-2021-35440.yml | 19 ++++++++++ gems/xapian-core/CVE-2018-0499.yml | 17 +++++++++ gems/xaviershay-dm-rails/CVE-2015-2179.yml | 4 +- 31 files changed, 506 insertions(+), 12 deletions(-) create mode 100644 gems/asciidoctor/CVE-2018-18385.yml create mode 100644 gems/camaleon_cms/CVE-2018-18260.yml create mode 100644 gems/camaleon_cms/CVE-2021-25969.yml create mode 100644 gems/camaleon_cms/CVE-2021-25970.yml create mode 100644 gems/camaleon_cms/CVE-2021-25971.yml create mode 100644 gems/camaleon_cms/CVE-2021-25972.yml create mode 100644 gems/ccsv/CVE-2017-15364.yml create mode 100644 gems/commonmarker/GHSA-636f-xm5j-pj9m.yml create mode 100644 gems/fluentd/CVE-2017-10906.yml create mode 100644 gems/git/CVE-2022-47318.yml create mode 100644 gems/gitaly/CVE-2020-13353.yml create mode 100644 gems/hammer_cli_foreman/CVE-2017-2667.yml create mode 100644 gems/katello/CVE-2016-3072.yml create mode 100644 gems/katello/CVE-2017-2662.yml create mode 100644 gems/katello/CVE-2018-14623.yml create mode 100644 gems/katello/CVE-2018-16887.yml create mode 100644 gems/mixlib-archive/CVE-2017-1000026.yml create mode 100644 gems/omniauth-weibo-oauth2/CVE-2019-17268.yml create mode 100644 gems/papercrop/CVE-2015-2784.yml create mode 100644 gems/publify_core/CVE-2023-0569.yml create mode 100644 gems/sanitize/CVE-2023-23627.yml create mode 100644 gems/smalruby-editor/CVE-2017-2096.yml create mode 100644 gems/smalruby/CVE-2017-2096.yml create mode 100644 gems/smashing/CVE-2021-35440.yml create mode 100644 gems/xapian-core/CVE-2018-0499.yml 
diff --git a/gems/administrate/CVE-2016-3098.yml b/gems/administrate/CVE-2016-3098.yml
index 21d43f6a0c..0148b97a0a 100644
--- a/gems/administrate/CVE-2016-3098.yml
+++ b/gems/administrate/CVE-2016-3098.yml
@@ -1,12 +1,14 @@
 ---
 gem: administrate
 cve: 2016-3098
+ghsa: cc8c-26rj-v2vx
+url: http://seclists.org/oss-sec/2016/q2/0
 title: Cross-site request forgery (CSRF) vulnerability in administrate gem
 date: 2016-04-01
-url: http://seclists.org/oss-sec/2016/q2/0
-description: >-
- `Administrate::ApplicationController` actions didn't have CSRF
- protection. Remote attackers can hijack user's sessions and use any
- functionality that administrate exposes on their behalf.
+description: |
+ "`Administrate::ApplicationController` actions didn't have CSRF protection.
+ Remote attackers can hijack user's sessions and use any functionality that administrate
+ exposes on their behalf."
+cvss_v3: 5.4
 patched_versions:
-- '>= 0.1.5'
+- ">= 0.1.5"
diff --git a/gems/asciidoctor/CVE-2018-18385.yml b/gems/asciidoctor/CVE-2018-18385.yml
new file mode 100644
index 0000000000..970ead74d1
--- /dev/null
+++ b/gems/asciidoctor/CVE-2018-18385.yml
@@ -0,0 +1,17 @@
+---
+gem: asciidoctor
+cve: 2018-18385
+ghsa: qc9p-mjxm-j2wj
+url: https://github.com/asciidoctor/asciidoctor/issues/2888
+title: Asciidoctor Infinite Loop vulnerability
+date: 2022-05-13
+description: |
+ Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial
+ of service (infinite loop). The loop was caused by the fact that `Parser.next_block`
+ was not exhausting all the lines in the reader as the while loop expected it would.
+ This was happening because the regular expression that detects any list was not
+ agreeing with the regular expression that detects a specific list type. So the line
+ kept getting pushed back onto the reader, hence causing the loop.
+cvss_v3: 7.5
+patched_versions:
+- ">= 1.5.8"
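Review bot: The rewritten `description: |` block keeps the surrounding double quotes as literal text, so the stored description now starts and ends with a `"` character — inside a literal block scalar, quotes are not string delimiters. Dropping them (`  \`Administrate::ApplicationController\` actions didn't have CSRF protection.` … `  exposes on their behalf.`) restores the previous value; using `|-` instead of `|` would also keep the old `>-` behaviour of no trailing newline, which the other entries in this patch mostly do not bother with, so that part is optional. The added `cvss_v3: 5.4` and the move of `url` above `title` look fine.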
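Review bot: `date: 2022-05-13` on a 2018 CVE looks like the GitHub advisory publication date rather than the disclosure date that the older entries touched in this patch carry (administrate `2016-04-01`, devise `2016-01-18`); if `date` is meant to be the disclosure date in this database, the linked asciidoctor issue from 2018 would be the better source — please confirm which semantics the field has before merging. The same 2022-05-13 / 2022-05-14 / 2022-05-17 / 2022-05-24 dates appear in the camaleon_cms, ccsv, fluentd, gitaly, hammer_cli_foreman, katello, mixlib-archive, omniauth-weibo-oauth2, papercrop, smalruby, smalruby-editor, smashing and xapian-core files added further down, so one decision covers all of them.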
diff --git a/gems/camaleon_cms/CVE-2018-18260.yml b/gems/camaleon_cms/CVE-2018-18260.yml
new file mode 100644
index 0000000000..efafcb4382
--- /dev/null
+++ b/gems/camaleon_cms/CVE-2018-18260.yml
@@ -0,0 +1,14 @@
+---
+gem: camaleon_cms
+cve: 2018-18260
+ghsa: 7f84-9cqf-g4j9
+url: http://packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html
+title: Camaleon CMS vulnerable to Stored Cross-site Scripting
+date: 2022-05-13
+description: |
+ In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The
+ profile image in the User settings section can be run in the update / upload area
+ via `/admin/media/upload?actions=false`.
+cvss_v3: 6.1
+unaffected_versions:
+- "< 2.4"
diff --git a/gems/camaleon_cms/CVE-2021-25969.yml b/gems/camaleon_cms/CVE-2021-25969.yml
new file mode 100644
index 0000000000..6e16694c98
--- /dev/null
+++ b/gems/camaleon_cms/CVE-2021-25969.yml
@@ -0,0 +1,20 @@
+---
+gem: camaleon_cms
+cve: 2021-25969
+ghsa: x78v-4fvj-rg9j
+url: https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c
+title: Camaleon CMS Stored Cross-site Scripting vulnerability
+date: 2022-05-24
+description: |
+ In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable
+ to stored XSS, that allows unprivileged application users to store malicious scripts
+ in the comments section of the post. These scripts are executed in a victim’s browser
+ when they open the page containing the malicious comment.
+cvss_v3: 6.1
+unaffected_versions:
+- "< 0.0.1"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+ url:
+ - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969
diff --git a/gems/camaleon_cms/CVE-2021-25970.yml b/gems/camaleon_cms/CVE-2021-25970.yml
new file mode 100644
index 0000000000..91fc329cdf
--- /dev/null
+++ b/gems/camaleon_cms/CVE-2021-25970.yml
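Review bot: This record has only `unaffected_versions: - "< 2.4"` and no `patched_versions`, so consumers will report every camaleon_cms release from 2.4 onward as vulnerable with no upper bound; if that is deliberate because no fixed release is known, a comment such as `# no fixed release known as of <date>` next to the version block would make it explicit, otherwise add the fixing version. Two later files in this patch have the same gap: ccsv CVE-2017-15364 carries no version bounds at all although its description names Ccsv 1.1.0, and katello CVE-2018-14623 states "Version 3.10 and older is vulnerable" yet lists no `patched_versions`, so both will flag every version of those gems. For katello the description already implies a cut-off, so `patched_versions: - ">= <first fixed release>"` should be recoverable from the linked bug.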
@@ -0,0 +1,20 @@
+---
+gem: camaleon_cms
+cve: 2021-25970
+ghsa: 438x-2p9v-g8h9
+url: https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
+title: Camaleon CMS Insufficient Session Expiration vulnerability
+date: 2022-05-24
+description: |
+ Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session
+ of the users, even after the admin changes the user’s password. A user that was
+ already logged in, will still have access to the application even after the password
+ was changed.
+cvss_v3: 8.8
+unaffected_versions:
+- "< 0.1.7"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+ url:
+ - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
diff --git a/gems/camaleon_cms/CVE-2021-25971.yml b/gems/camaleon_cms/CVE-2021-25971.yml
new file mode 100644
index 0000000000..4ba9e7abd1
--- /dev/null
+++ b/gems/camaleon_cms/CVE-2021-25971.yml
@@ -0,0 +1,19 @@
+---
+gem: camaleon_cms
+cve: 2021-25971
+ghsa: r2w2-h6r8-3r53
+url: https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2
+title: Camaleon CMS vulnerable to Uncaught Exception
+date: 2022-05-24
+description: |
+ In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught
+ Exception. The app's media upload feature crashes permanently when an attacker with
+ a low privileged access uploads a specially crafted .svg file.
+cvss_v3: 4.3
+unaffected_versions:
+- "< 2.0.1"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+ url:
+ - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971
diff --git a/gems/camaleon_cms/CVE-2021-25972.yml b/gems/camaleon_cms/CVE-2021-25972.yml
new file mode 100644
index 0000000000..70910ab7a4
--- /dev/null
+++ b/gems/camaleon_cms/CVE-2021-25972.yml
@@ -0,0 +1,21 @@
+---
+gem: camaleon_cms
+cve: 2021-25972
+ghsa: vx6p-q4gj-x6xx
+url: https://github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190
+title: Camaleon CMS vulnerable to Server-Side Request Forgery
+date: 2022-05-24
+description: |
+ In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side
+ Request Forgery (SSRF) in the media upload feature, which allows admin users to
+ fetch media files from external URLs but fails to validate URLs referencing to localhost
+ or other internal servers. This allows attackers to read files stored in the internal
+ server.
+cvss_v3: 4.9
+unaffected_versions:
+- "< 2.1.2.0"
+patched_versions:
+- ">= 2.6.0.1"
+related:
+ url:
+ - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972
diff --git a/gems/ccsv/CVE-2017-15364.yml b/gems/ccsv/CVE-2017-15364.yml
new file mode 100644
index 0000000000..bc25d4ffec
--- /dev/null
+++ b/gems/ccsv/CVE-2017-15364.yml
@@ -0,0 +1,12 @@
+---
+gem: ccsv
+cve: 2017-15364
+ghsa: 5gxp-c379-pj42
+url: https://github.com/evan/ccsv/issues/15
+title: ccsv Double Free vulnerability
+date: 2022-05-17
+description: |
+ The foreach function in `ext/ccsv.c` in Ccsv 1.1.0 allows remote attackers
+ to cause a denial of service (double free and application crash) or possibly have
+ unspecified other impact via a crafted file.
+cvss_v3: 5.5
diff --git a/gems/clockwork_web/CVE-2023-25015.yml b/gems/clockwork_web/CVE-2023-25015.yml
index 002e4e59fa..ae839b6f4c 100644
--- a/gems/clockwork_web/CVE-2023-25015.yml
+++ b/gems/clockwork_web/CVE-2023-25015.yml
@@ -1,6 +1,7 @@
 ---
 gem: clockwork_web
 cve: 2023-25015
+ghsa: p4xx-w6fr-c4w9
 url: https://github.com/ankane/clockwork_web/issues/4
 title: CSRF Vulnerability with Rails < 5.2
 date: 2023-02-01
@@ -10,5 +11,6 @@ description: |
 A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling jobs.
+cvss_v3: 6.5
 patched_versions:
 - ">= 0.1.2"
diff --git a/gems/commonmarker/GHSA-636f-xm5j-pj9m.yml b/gems/commonmarker/GHSA-636f-xm5j-pj9m.yml
new file mode 100644
index 0000000000..7ade38719a
--- /dev/null
+++ b/gems/commonmarker/GHSA-636f-xm5j-pj9m.yml
@@ -0,0 +1,38 @@
+---
+gem: commonmarker
+ghsa: 636f-xm5j-pj9m
+url: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-636f-xm5j-pj9m
+title: Several quadratic complexity bugs may lead to denial of service in Commonmarker
+date: 2023-01-24
+description: |-
+ ## Impact
+
+ Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm)
+ library may lead to unbounded resource exhaustion and subsequent denial of service.
+
+ The following vulnerabilities were addressed:
+
+ * [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c)
+ * [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r)
+ * [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr)
+ * [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p)
+
+ For more information, consult the release notes for version
+ [`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7).
+
+ ## Mitigation
+
+ Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7).
+patched_versions:
+- ">= 0.23.7"
+related:
+ cve:
+ - 2023-22483
+ - 2023-22484
+ - 2023-22485
+ - 2023-22486
+ ghsa:
+ - 29g3-96g3-jg6c
+ - 24f7-9frr-5h2r
+ - c944-cv5f-hpvr
+ - r572-jvj2-3m8p
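Review bot: The release-notes link in the commonmarker description is inconsistent with itself: the link text reads `0.23.0.gfm.7` while the URL points at the `0.29.0.gfm.7` tag, and `0.23.x` is the commonmarker gem's own version line (the `0.23.7` fix two lines below) whereas the `.gfm.N` suffix belongs to the cmark-gfm library the link is about, so the link text is the likely typo. The text was presumably copied from the upstream advisory, so confirm against it before changing `[\`0.23.0.gfm.7\`]` to `[\`0.29.0.gfm.7\`]`. The `related.cve` and `related.ghsa` lists do match the four bullet links, so the rest of the record is consistent.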
diff --git a/gems/curupira/CVE-2015-10053.yml b/gems/curupira/CVE-2015-10053.yml
index 21e781b826..b4f042e64d 100644
--- a/gems/curupira/CVE-2015-10053.yml
+++ b/gems/curupira/CVE-2015-10053.yml
@@ -14,6 +14,7 @@ description: |
 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.
+cvss_v3: 9.8
 patched_versions:
 - ">= 0.1.4"
 related:
diff --git a/gems/devise/CVE-2015-8314.yml b/gems/devise/CVE-2015-8314.yml
index c614dd6205..1f8d161fd3 100644
--- a/gems/devise/CVE-2015-8314.yml
+++ b/gems/devise/CVE-2015-8314.yml
@@ -1,6 +1,7 @@
 ---
 gem: devise
 cve: 2015-8314
+ghsa: 746g-3gfp-hfhw
 url: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
 title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
 date: 2016-01-18
@@ -11,4 +12,4 @@ description: |
 the password frequently, the cookie can be used to gain access to the application indefinitely.
 patched_versions:
-- '>= 3.5.4'
+- ">= 3.5.4"
diff --git a/gems/fluentd/CVE-2017-10906.yml b/gems/fluentd/CVE-2017-10906.yml
new file mode 100644
index 0000000000..8fd76b4126
--- /dev/null
+++ b/gems/fluentd/CVE-2017-10906.yml
@@ -0,0 +1,21 @@
+---
+gem: fluentd
+cve: 2017-10906
+ghsa: 5jrp-w8fr-mrww
+url: https://github.com/fluent/fluentd/pull/1733
+title: Fluentd Escape Sequence Injection Vulnerability
+date: 2022-05-13
+description: |
+ Escape sequence injection vulnerability in Fluentd versions 0.12.29 through
+ 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands
+ on the device via unspecified vectors.
+cvss_v3: 9.8
+unaffected_versions:
+- "< 0.12.29"
+patched_versions:
+- ">= 0.12.41"
+related:
+ url:
+ - https://access.redhat.com/errata/RHSA-2018:2225
+ - https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
+ - https://jvn.jp/en/vu/JVNVU95124098/index.html
diff --git a/gems/git/CVE-2022-47318.yml b/gems/git/CVE-2022-47318.yml
new file mode 100644
index 0000000000..b037c8c3ad
--- /dev/null
+++ b/gems/git/CVE-2022-47318.yml
@@ -0,0 +1,18 @@
+---
+gem: git
+cve: 2022-47318
+ghsa: pphf-gfrm-v32r
+url: https://github.com/ruby-git/ruby-git/pull/602
+title: Code injection in ruby git
+date: 2023-01-17
+description: |
+ ruby-git versions prior to v1.13.0 allows a remote authenticated attacker
+ to execute an arbitrary ruby code by having a user to load a repository containing
+ a specially crafted filename to the product. This vulnerability is different from
+ CVE-2022-46648.
+cvss_v3: 8.0
+patched_versions:
+- ">= 1.13.0"
+related:
+ url:
+ - https://jvn.jp/en/jp/JVN16765254/index.html
diff --git a/gems/gitaly/CVE-2020-13353.yml b/gems/gitaly/CVE-2020-13353.yml
new file mode 100644
index 0000000000..a5e0ec1b6c
--- /dev/null
+++ b/gems/gitaly/CVE-2020-13353.yml
@@ -0,0 +1,21 @@
+---
+gem: gitaly
+cve: 2020-13353
+ghsa: mmmm-chjf-jmvw
+url: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13353.json
+title: Gitaly Insufficient Session Expiration vulnerability
+date: 2022-05-24
+description: |
+ When importing repos via URL, one time use git credentials were persisted
+ beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are:
+ >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
+cvss_v3: 3.2
+unaffected_versions:
+- "< 1.79.0"
+patched_versions:
+- "~> 13.3.9"
+- "~> 13.4.5"
+- ">= 13.5.2"
+related:
+ url:
+ - https://gitlab.com/gitlab-org/gitaly/-/issues/2882
diff --git a/gems/hammer_cli_foreman/CVE-2017-2667.yml b/gems/hammer_cli_foreman/CVE-2017-2667.yml
new file mode 100644
index 0000000000..0c50d16691
--- /dev/null
+++ b/gems/hammer_cli_foreman/CVE-2017-2667.yml
@@ -0,0 +1,20 @@
+---
+gem: hammer_cli_foreman
+cve: 2017-2667
+ghsa: 77h8-xr85-3x5q
+url: https://access.redhat.com/errata/RHSA-2018:0336
+title: hammer_cli_foreman Improper Certificate Validation vulnerability
+date: 2022-05-13
+description: |
+ Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not
+ explicitly set the verify_ssl flag for apipie-bindings that disable it by default.
+ As a result the server certificates are not checked and connections are prone to
+ man-in-the-middle attacks.
+cvss_v3: 8.1
+patched_versions:
+- ">= 0.10.0"
+related:
+ url:
+ - https://bugzilla.redhat.com/show_bug.cgi?id=1436262
+ - http://projects.theforeman.org/issues/19033
+ - http://www.securityfocus.com/bid/97153
diff --git a/gems/jquery-ui-rails/CVE-2016-7103.yml b/gems/jquery-ui-rails/CVE-2016-7103.yml
index 2e306f7c39..2d1838f6e2 100644
--- a/gems/jquery-ui-rails/CVE-2016-7103.yml
+++ b/gems/jquery-ui-rails/CVE-2016-7103.yml
@@ -2,9 +2,10 @@
 gem: jquery-ui-rails
 framework: rails
 cve: 2016-7103
-date: 2016-08-27
+ghsa: hpcf-8vf9-q4gj
 url: https://github.com/jquery/api.jqueryui.com/issues/281
 title: XSS Vulnerability on closeText option of Dialog jQuery UI
+date: 2016-08-27
 description: |
 Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the
@@ -12,8 +13,7 @@ description: |
 cvss_v2: 4.3
 cvss_v3: 6.1
 patched_versions:
-- '>= 6.0.0'
-
+- ">= 6.0.0"
 related:
 url:
 - https://github.com/jquery/jquery-ui/pull/1635
diff --git a/gems/katello/CVE-2016-3072.yml b/gems/katello/CVE-2016-3072.yml
new file mode 100644
index 0000000000..0ea5e6ed3f
--- /dev/null
+++ b/gems/katello/CVE-2016-3072.yml
@@ -0,0 +1,20 @@
+---
+gem: katello
+cve: 2016-3072
+ghsa: 527r-mfmj-prqf
+url: https://github.com/Katello/katello/pull/6051
+title: Katello SQL Injection vulnerabilities
+date: 2022-05-14
+description: |
+ Multiple SQL injection vulnerabilities in the scoped_search function
+ in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated
+ users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
+cvss_v3: 8.8
+patched_versions:
+- ">= 2.4.3"
+related:
+ url:
+ - https://access.redhat.com/errata/RHSA-2016:1083
+ - https://bugzilla.redhat.com/show_bug.cgi?id=1322050
+ - https://github.com/Katello/katello/commit/5645ed4365980a34e30a9c57fe0793dff729e8e4
+ - https://access.redhat.com/security/cve/CVE-2016-3072
diff --git a/gems/katello/CVE-2017-2662.yml b/gems/katello/CVE-2017-2662.yml
new file mode 100644
index 0000000000..09b6bb6521
--- /dev/null
+++ b/gems/katello/CVE-2017-2662.yml
@@ -0,0 +1,20 @@
+---
+gem: katello
+cve: 2017-2662
+ghsa: cpv6-pfq6-j2v7
+url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
+title: katello Improper Privilege Management vulnerability
+date: 2022-05-13
+description: |
+ A flaw was found in Foreman's katello plugin version 3.4.5. After setting
+ a new role to allow restricted access on a repository with a filter (filter set
+ on the Product Name), the filter is not respected when the actions are done via
+ hammer using the repository id.
+cvss_v3: 4.3
+patched_versions:
+- ">= 3.17.0.rc1"
+related:
+ url:
+ - https://projects.theforeman.org/issues/18838
+ - https://github.com/Katello/katello/pull/8772
+ - https://github.com/Katello/katello/commit/853260e3e9f94179d5881199e7885d1c08e600f6
diff --git a/gems/katello/CVE-2018-14623.yml b/gems/katello/CVE-2018-14623.yml
new file mode 100644
index 0000000000..b38653f3ed
--- /dev/null
+++ b/gems/katello/CVE-2018-14623.yml
@@ -0,0 +1,18 @@
+---
+gem: katello
+cve: 2018-14623
+ghsa: jx5v-788g-qw58
+url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
+title: katello SQL Injection vulnerability
+date: 2022-05-13
+description: |
+ A SQL injection flaw was found in katello's errata-related API. An authenticated
+ remote attacker can craft input data to force a malformed SQL query to the backend
+ database, which will leak internal IDs. This is issue is related to an incomplete
+ fix for CVE-2016-3072. Version 3.10 and older is vulnerable.
+cvss_v3: 4.3
+related:
+ url:
+ - https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
+ ghsa:
+ - 527r-mfmj-prqf
diff --git a/gems/katello/CVE-2018-16887.yml b/gems/katello/CVE-2018-16887.yml
new file mode 100644
index 0000000000..8a5deb91c9
--- /dev/null
+++ b/gems/katello/CVE-2018-16887.yml
@@ -0,0 +1,20 @@
+---
+gem: katello
+cve: 2018-16887
+ghsa: mhhc-r88h-2qrm
+url: https://access.redhat.com/errata/RHSA-2019:1222
+title: katello Cross-site Scripting vulnerability
+date: 2022-05-14
+description: |
+ A cross-site scripting (XSS) flaw was found in the katello component
+ of Satellite. An attacker with privilege to create/edit organizations and locations
+ is able to execute a XSS attacks against other users through the Subscriptions or
+ the Red Hat Repositories wizards. This can possibly lead to malicious code execution
+ and extraction of the anti-CSRF token of higher privileged users. Versions before
+ 3.9.0 are vulnerable.
+cvss_v3: 5.4
+patched_versions:
+- ">= 3.9.0"
+related:
+ url:
+ - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887
diff --git a/gems/mixlib-archive/CVE-2017-1000026.yml b/gems/mixlib-archive/CVE-2017-1000026.yml
new file mode 100644
index 0000000000..e04e209217
--- /dev/null
+++ b/gems/mixlib-archive/CVE-2017-1000026.yml
@@ -0,0 +1,17 @@
+---
+gem: mixlib-archive
+cve: 2017-1000026
+ghsa: 98wx-cw86-c97x
+url: https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md
+title: mixlib-archive Path Traversal vulnerability
+date: 2022-05-13
+description: |
+ Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable
+ to a directory traversal attack allowing attackers to overwrite arbitrary files
+ by using `..` in tar archive entries
+cvss_v3: 7.5
+patched_versions:
+- ">= 0.4.0"
+related:
+ url:
+ - https://github.com/chef/mixlib-archive/pull/6
diff --git a/gems/omniauth-weibo-oauth2/CVE-2019-17268.yml b/gems/omniauth-weibo-oauth2/CVE-2019-17268.yml
new file mode 100644
index 0000000000..0a0f6384bf
--- /dev/null
+++ b/gems/omniauth-weibo-oauth2/CVE-2019-17268.yml
@@ -0,0 +1,19 @@
+---
+gem: omniauth-weibo-oauth2
+cve: 2019-17268
+ghsa: vr22-43gj-rx3f
+url: https://github.com/beenhero/omniauth-weibo-oauth2/issues/36
+title: omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third-party
+date: 2022-05-24
+description: |
+ The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org,
+ included a code-execution backdoor inserted by a third party. Versions through 0.4.5,
+ and 0.5.1 and later, are unaffected.
+cvss_v3: 9.8
+unaffected_versions:
+- "< 0.4.6"
+patched_versions:
+- ">= 0.5.1"
+related:
+ url:
+ - https://diff.coditsu.io/diffs/09a05c37-1b34-49e1-ac94-d4dda40d1ad1#d2h-971595
diff --git a/gems/papercrop/CVE-2015-2784.yml b/gems/papercrop/CVE-2015-2784.yml
new file mode 100644
index 0000000000..6be5eacbc3
--- /dev/null
+++ b/gems/papercrop/CVE-2015-2784.yml
@@ -0,0 +1,13 @@
+---
+gem: papercrop
+cve: 2015-2784
+ghsa: m44r-gv6q-9j9r
+url: https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579
+title: papercrop does not properly handle crop input
+date: 2022-05-24
+description: |
+ The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle
+ crop input.
+cvss_v3: 9.8
+patched_versions:
+- ">= 0.3.0"
diff --git a/gems/publify_core/CVE-2023-0569.yml b/gems/publify_core/CVE-2023-0569.yml
new file mode 100644
index 0000000000..faca46e047
--- /dev/null
+++ b/gems/publify_core/CVE-2023-0569.yml
@@ -0,0 +1,16 @@
+---
+gem: publify_core
+cve: 2023-0569
+ghsa: g7gf-2rqw-5rwx
+url: https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d
+title: Publify contains Weak Password Requirements
+date: 2023-01-29
+description: |
+ Weak Password Requirements in GitHub repository publify/publify prior
+ to 9.2.10.
+cvss_v3: 6.5
+patched_versions:
+- ">= 9.2.10"
+related:
+ url:
+ - https://huntr.dev/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9
diff --git a/gems/sanitize/CVE-2023-23627.yml b/gems/sanitize/CVE-2023-23627.yml
new file mode 100644
index 0000000000..718fc27dec
--- /dev/null
+++ b/gems/sanitize/CVE-2023-23627.yml
@@ -0,0 +1,34 @@
+---
+gem: sanitize
+cve: 2023-23627
+ghsa: fw3g-2h3j-qmm7
+url: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
+title: Improper neutralization of `noscript` element content may allow XSS in Sanitize
+date: 2023-01-28
+description: |-
+ ### Impact
+
+ Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize `>= 5.0.0, < 6.0.1` when Sanitize is configured with a custom allowlist that allows `noscript` elements. This could result in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser.
+
+ Sanitize's default configs don't allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist.
+
+ ### Patches
+
+ Sanitize `>= 6.0.1` always removes `noscript` elements and their contents, even when `noscript` is in the allowlist.
+
+ ### Workarounds
+
+ Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist.
+
+ ### Details
+
+ The root cause of this issue is that HTML parsing rules treat the contents of a `noscript` element differently depending on whether scripting is enabled in the user agent. Nokogiri (the HTML parser Sanitize uses) doesn't support scripting so it follows the "scripting disabled" rules, but a web browser with scripting enabled will follow the "scripting enabled" rules. This means that Sanitize can't reliably make the contents of a `noscript` element safe for scripting enabled browsers. The safest thing to do is to remove the element and its contents entirely, which is now what Sanitize does in version 6.0.1 and later.
+cvss_v3: 6.1
+unaffected_versions:
+- "< 5.0.0"
+patched_versions:
+- ">= 6.0.1"
+related:
+ url:
+ - https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22
+ - https://github.com/rgrove/sanitize/releases/tag/v6.0.1
diff --git a/gems/smalruby-editor/CVE-2017-2096.yml b/gems/smalruby-editor/CVE-2017-2096.yml
new file mode 100644
index 0000000000..2c01f004f9
--- /dev/null
+++ b/gems/smalruby-editor/CVE-2017-2096.yml
@@ -0,0 +1,17 @@
+---
+gem: smalruby-editor
+cve: 2017-2096
+ghsa: f489-655r-x6gr
+url: http://jvn.jp/en/jp/JVN50197114/index.html
+title: smalruby and smalruby-editor vulnerable to OS Command Injection
+date: 2022-05-13
+description: |
+ smalruby-editor prior to 0.4.1 and smalruby prior to 0.1.11 allows remote
+ attackers to execute arbitrary OS commands via unspecified vectors.
+cvss_v3: 9.8
+patched_versions:
+- ">= 0.4.1"
+related:
+ url:
+ - http://smalruby.jp/blog/2017/01/14/smalruby-editor-0-4-1-has-been-released-english.html
+ - https://web.archive.org/web/20200227194312/http://www.securityfocus.com/bid/95775
diff --git a/gems/smalruby/CVE-2017-2096.yml b/gems/smalruby/CVE-2017-2096.yml
new file mode 100644
index 0000000000..68a986d763
--- /dev/null
+++ b/gems/smalruby/CVE-2017-2096.yml
@@ -0,0 +1,17 @@
+---
+gem: smalruby
+cve: 2017-2096
+ghsa: f489-655r-x6gr
+url: http://jvn.jp/en/jp/JVN50197114/index.html
+title: smalruby and smalruby-editor vulnerable to OS Command Injection
+date: 2022-05-13
+description: |
+ smalruby-editor prior to 0.4.1 and smalruby prior to 0.1.11 allows remote
+ attackers to execute arbitrary OS commands via unspecified vectors.
+cvss_v3: 9.8
+patched_versions:
+- ">= 0.1.11"
+related:
+ url:
+ - http://smalruby.jp/blog/2017/01/14/smalruby-editor-0-4-1-has-been-released-english.html
+ - https://web.archive.org/web/20200227194312/http://www.securityfocus.com/bid/95775
diff --git a/gems/smashing/CVE-2021-35440.yml b/gems/smashing/CVE-2021-35440.yml
new file mode 100644
index 0000000000..e4288827d8
--- /dev/null
+++ b/gems/smashing/CVE-2021-35440.yml
@@ -0,0 +1,19 @@
+---
+gem: smashing
+cve: 2021-35440
+ghsa: 254j-mmc5-qhpx
+url: https://github.com/Smashing/smashing/pull/186
+title: Smashing Cross-site Scripting vulnerability
+date: 2022-05-24
+description: |
+ Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for
+ a widget can be crafted and used to execute JavaScript on the victim's computer.
+ The JavaScript code can then steal data available in the session/cookies depending
+ on the user environment (e.g. if re-using internal URL's for deploying, or cookies
+ that are very permissive) private information may be retrieved by the attacker.
+cvss_v3: 6.1
+patched_versions:
+- ">= 1.3.5"
+related:
+ url:
+ - https://github.com/Smashing/smashing/blob/ad7325f159f89854ca4e7d94e7be9bee507b6d46/CHANGELOG.md
diff --git a/gems/xapian-core/CVE-2018-0499.yml b/gems/xapian-core/CVE-2018-0499.yml
new file mode 100644
index 0000000000..0c77222f1e
--- /dev/null
+++ b/gems/xapian-core/CVE-2018-0499.yml
@@ -0,0 +1,17 @@
+---
+gem: xapian-core
+cve: 2018-0499
+ghsa: 7qw4-w7hf-22q3
+url: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
+title: xapian-core Cross-site Scripting vulnerability
+date: 2022-05-14
+description: |
+ A cross-site scripting vulnerability in `queryparser/termgenerator_internal.cc`
+ in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by `Xapian::MSet::snippet()`.
+cvss_v3: 6.1
+patched_versions:
+- ">= 1.4.6"
+related:
+ url:
+ - https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
+ - https://usn.ubuntu.com/3709-1/
diff --git a/gems/xaviershay-dm-rails/CVE-2015-2179.yml b/gems/xaviershay-dm-rails/CVE-2015-2179.yml
index f9f378c887..66f1aee91a 100644
--- a/gems/xaviershay-dm-rails/CVE-2015-2179.yml
+++ b/gems/xaviershay-dm-rails/CVE-2015-2179.yml
@@ -2,9 +2,9 @@
 gem: xaviershay-dm-rails
 cve: 2015-2179
 osvdb: 118579
+ghsa: 88p8-4vv5-82j7
 url: https://nvd.nist.gov/vuln/detail/CVE-2015-2179
-title: |
- xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
+title: xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
 date: 2015-02-17
 description: |
 xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function