Skip to content

GHSA SYNC: Merged 2 OSVDB and GHSA advisories #964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jasnow wants to merge 1 commit into
base: master
Choose a base branch
from
+19 −10
Open

GHSA SYNC: Merged 2 OSVDB and GHSA advisories #964

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 11 additions & 3 deletions gems/activejob/OSVDB-112347.yml → gems/activejob/GHSA-mpwp-4h2m-765c.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,16 @@
---
gem: activejob
framework: rails
ghsa: mpwp-4h2m-765c
osvdb: 112347
url: https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
url: https://github.com/advisories/GHSA-mpwp-4h2m-765c
title: Active Job - Object injection security vulnerability if Global IDs
date: 2014-09-29
description: |
Active Job vulnerability: An Active Job bug allowed String
arguments to be deserialized as if they were Global IDs, an
object injection security vulnerability.

* In release post: "Active Job vulnerability:
We also fixed an Active Job bug that allowed String
arguments to be deserialized as if they were Global IDs,
Expand All @@ -13,7 +19,9 @@ patched_versions:
- ">= 4.2.0.beta2"
related:
url:
- https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
- https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
- https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/OSVDB-112347.yml
- https://github.com/advisories/GHSA-mpwp-4h2m-765c
notes: |
- No CVE, GHSA, or CVSS values
- No CVE or CVSS values.
15 changes: 8 additions & 7 deletions ...ctiverecord-jdbc-adapter/OSVDB-114854.yml → ...cord-jdbc-adapter/GHSA-5qw5-wf2q-f538.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
gem: activerecord-jdbc-adapter
platform: jruby
osvdb: 114854
url: https://github.com/jruby/activerecord-jdbc-adapter/issues/322
title:
ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub()
Function SQL Injection
ghsa: 5qw5-wf2q-f538
url: https://github.com/advisories/GHSA-5qw5-wf2q-f538
title: ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb
sql.gsub() Function SQL Injection
date: 2013-02-25
description: |
ActiveRecord-JDBC-Adapter (AR-JDBC) contains a flaw that may allow carrying
Expand All @@ -22,7 +22,8 @@ related:
url:
- https://github.com/jruby/activerecord-jdbc-adapter/issues/322
- https://github.com/jruby/activerecord-jdbc-adapter/blob/master/lib/arjdbc/jdbc/adapter.rb
- https://security.snyk.io/vuln/SNYK-RUBY-ACTIVERECORDJDBCADAPTER-20076
- https://my.diffend.io/gems/activerecord-jdbc-adapter/1.2.5/1.2.8
- http://osvdb.org/show/osvdb/114854
- https://advisories.gitlab.com/pkg/gem/activerecord-jdbc-adapter/OSVDB-2013-02-25
- https://security.snyk.io/vuln/SNYK-RUBY-ACTIVERECORDJDBCADAPTER-20076
- https://github.com/advisories/GHSA-5qw5-wf2q-f538
notes: |
- No CVE, CVSS values.