Commit 2a75a71

jasnow authored and postmodern committed
GHSA SYNC: Merged 2 OSVDB and GHSA advisories
1 parent aee7a6e commit 2a75a71

2 files changed

+19
-10
lines changed

@@ -1,10 +1,16 @@
11
---
22
gem: activejob
3+
framework: rails
4+
ghsa: mpwp-4h2m-765c
35
osvdb: 112347
4-
url: https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
6+
url: https://github.com/advisories/GHSA-mpwp-4h2m-765c
57
title: Active Job - Object injection security vulnerability if Global IDs
68
date: 2014-09-29
79
description: |
10+
Active Job vulnerability: An Active Job bug allowed String
11+
arguments to be deserialized as if they were Global IDs, an
12+
object injection security vulnerability.
13+
814
* In release post: "Active Job vulnerability:
915
We also fixed an Active Job bug that allowed String
1016
arguments to be deserialized as if they were Global IDs,
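Review bot: The summary added at new lines 10-12 of `description:` repeats, almost word for word, the release-post quote that is kept directly below it at lines 14-16, so the field now states the same sentence twice. Keep one of the two: either the new paraphrase alone, or the attributed quote alone. Separately, `url:` now points at the GHSA page while `osvdb: 112347` stays, which is fine, but the unchanged title "Object injection security vulnerability if Global IDs" reads as truncated and could be corrected in the same sync.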
@@ -13,7 +19,9 @@ patched_versions:
1319
- ">= 4.2.0.beta2"
1420
related:
1521
url:
16-
- https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
1722
- https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
23+
- https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
24+
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/OSVDB-112347.yml
25+
- https://github.com/advisories/GHSA-mpwp-4h2m-765c
1826
notes: |
19-
- No CVE, GHSA, or CVSS values
27+
- No CVE or CVSS values.
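Review bot: New line 24 adds a `related` link to this advisory's own file on `master` (`gems/activejob/OSVDB-112347.yml`), which is self-referential and will break if the file is later renamed to its GHSA id, as happens to the activerecord-jdbc-adapter advisory in this same commit. I would drop that entry. Line 25 also repeats the GHSA link that the previous hunk already set as the top-level `url:`, so it adds nothing under `related`. The reordering of the rubyonrails.org and advisories.gitlab.com entries is harmless.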

gems/activerecord-jdbc-adapter/OSVDB-114854.yml renamed to gems/activerecord-jdbc-adapter/GHSA-5qw5-wf2q-f538.yml

Lines changed: 8 additions & 7 deletions
@@ -2,10 +2,10 @@
22
gem: activerecord-jdbc-adapter
33
platform: jruby
44
osvdb: 114854
5-
url: https://github.com/jruby/activerecord-jdbc-adapter/issues/322
6-
title:
7-
ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub()
8-
Function SQL Injection
5+
ghsa: 5qw5-wf2q-f538
6+
url: https://github.com/advisories/GHSA-5qw5-wf2q-f538
7+
title: ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb
8+
sql.gsub() Function SQL Injection
99
date: 2013-02-25
1010
description: |
1111
ActiveRecord-JDBC-Adapter (AR-JDBC) contains a flaw that may allow carrying
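Review bot: The rewrapped `title:` at new lines 7-8 is now a plain scalar that starts on the key line and continues on the next, so it depends on YAML line folding and on the continuation being indented to still parse as one string. A single-line title or an explicit folded scalar (`title: >-`) would make that unambiguous and easier for tooling that greps titles. The file is renamed to the GHSA id and `ghsa: 5qw5-wf2q-f538` is added, but the activejob advisory in this commit gets a `ghsa:` field without a visible rename; it would help to apply one naming rule to both.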
@@ -22,7 +22,8 @@ related:
2222
url:
2323
- https://github.com/jruby/activerecord-jdbc-adapter/issues/322
2424
- https://github.com/jruby/activerecord-jdbc-adapter/blob/master/lib/arjdbc/jdbc/adapter.rb
25-
- https://security.snyk.io/vuln/SNYK-RUBY-ACTIVERECORDJDBCADAPTER-20076
2625
- https://my.diffend.io/gems/activerecord-jdbc-adapter/1.2.5/1.2.8
27-
- http://osvdb.org/show/osvdb/114854
28-
- https://advisories.gitlab.com/pkg/gem/activerecord-jdbc-adapter/OSVDB-2013-02-25
26+
- https://security.snyk.io/vuln/SNYK-RUBY-ACTIVERECORDJDBCADAPTER-20076
27+
- https://github.com/advisories/GHSA-5qw5-wf2q-f538
28+
notes: |
29+
- No CVE, CVSS values.
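Review bot: The new `notes:` entry at line 29 reads "No CVE, CVSS values." while the activejob advisory in this commit uses "No CVE or CVSS values."; use one wording so the notes stay searchable. This hunk also deletes the `advisories.gitlab.com` reference at old line 28 (and the `osvdb.org` link at old line 27), whereas the activejob file keeps its equivalent `advisories.gitlab.com` entry. If the links were removed because they are dead, say so in the commit message; otherwise keep them for parity, since `osvdb: 114854` is still recorded.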
