Commit 6847b45

GHSA SYNC: 3 modified and 1 brand new advisory (#855)
1 parent 4b6766f commit 6847b45

4 files changed

+27
-0
lines changed

gems/cgi/CVE-2025-27219.yml

+2
@@ -1,6 +1,7 @@
11
---
22
gem: cgi
33
cve: 2025-27219
4+
ghsa: gh9q-2xrm-x6qv
45
url: https://www.cve.org/CVERecord?id=CVE-2025-27219
56
title: CVE-2025-27219 - Denial of Service in CGI::Cookie.parse
67
date: 2025-02-26
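Review bot: The `ghsa: gh9q-2xrm-x6qv` line added at new line 4 has no matching advisory link in this hunk, and `url:` still points only at the cve.org record. If the file's `related:` list does not already carry the GitHub advisory URL, add it there, the way gems/oxidized-web/CVE-2025-27590.yml in this commit lists `https://github.com/advisories/GHSA-jx6p-9c26-g373`, so the id can be checked against its source.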
@@ -25,6 +26,7 @@ description: |
2526
2627
Thanks to lio346 for discovering this issue.
2728
Also thanks to mame for fixing this vulnerability.
29+
cvss_v3: 5.8
2830
patched_versions:
2931
- "~> 0.3.5.1"
3032
- "~> 0.3.7"
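Review bot: `cvss_v3: 5.8` at new line 29 sits directly after the last line of the `description: |` block scalar, so it has to start at column 0; if it is indented to the description's level it becomes part of the description text and the advisory loads without a score. The rendered diff does not show indentation, so confirm this in the raw file. A blank line between the description and `cvss_v3:` would also make the boundary easier to see.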

gems/cgi/CVE-2025-27220.yml

+2
@@ -1,6 +1,7 @@
11
---
22
gem: cgi
33
cve: 2025-27220
4+
ghsa: mhwm-jh88-3gjf
45
url: https://www.cve.org/CVERecord?id=CVE-2025-27220
56
title: CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.
67
date: 2025-02-26
@@ -26,6 +27,7 @@ description: |
2627
2728
Thanks to svalkanov for discovering this issue.
2829
Also thanks to nobu for fixing this vulnerability.
30+
cvss_v3: 4.0
2931
patched_versions:
3032
- "~> 0.3.5.1"
3133
- "~> 0.3.7"
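Review bot: `cvss_v3: 4.0` at new line 30 is a bare number with no vector or source next to it, so nothing in the hunk shows which metrics produce 4.0. The commit subject calls this a GHSA sync; stating in the commit message body that the score was copied from the GHSA record for `mhwm-jh88-3gjf` would let a later reader re-check it when the upstream score changes.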

gems/oxidized-web/CVE-2025-27590.yml

+21
@@ -0,0 +1,21 @@
1+
---
2+
gem: oxidized-web
3+
cve: 2025-27590
4+
ghsa: jx6p-9c26-g373
5+
url: https://github.com/advisories/GHSA-jx6p-9c26-g373
6+
title: Oxidized Web RANCID migration page allows unauthenticated
7+
user to gain control over Linux user account
8+
date: 2025-03-03
9+
description: |
10+
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID
11+
migration page allows an unauthenticated user to gain control
12+
over the Linux user account that is running oxidized-web.
13+
cvss_v3: 9.1
14+
patched_versions:
15+
- ">= 0.15.0"
16+
related:
17+
url:
18+
- https://nvd.nist.gov/vuln/detail/CVE-2025-27590
19+
- https://github.com/ytti/oxidized-web/releases/tag/0.15.0
20+
- https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e
21+
- https://github.com/advisories/GHSA-jx6p-9c26-g373
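Review bot: The `title:` value is split across new lines 6 and 7 as a plain scalar, which parses as one title only while line 7 stays indented; put it on a single line or use a quoted scalar so the file does not depend on continuation-line indentation. Separately, the last `related: url:` entry at new line 21 repeats the top-level `url:` from new line 5 and could be dropped.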

gems/uri/CVE-2025-27221.yml

+2
@@ -1,6 +1,7 @@
11
---
22
gem: uri
33
cve: 2025-27221
4+
ghsa: 22h5-pq3x-2gf2
45
url: https://www.cve.org/CVERecord?id=CVE-2025-27221
56
title: CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.
67
date: 2025-02-26
@@ -29,6 +30,7 @@ description: |
2930
3031
Thanks to Tsubasa Irisawa (lambdasawa) for discovering this issue.
3132
Also thanks to nobu for additional fixes of this vulnerability.
33+
cvss_v3: 3.2
3234
patched_versions:
3335
- "~> 0.11.3"
3436
- "~> 0.12.4"
