File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 99* Please see the [ README] ( README.md#schema ) for more documentation on the
1010 YAML Schema.
1111* Prior to submitting a pull request, run the tests:
12-
12+ * Advisory filename and the root of the ` url: ` field must
13+ be equal ` (as of 5/10/2026). `
1314```
1415bundle install
1516bundle exec rspec
Original file line number Diff line number Diff line change 22gem : faraday
33cve : 2026-33637
44ghsa : 5rv5-xj5j-3484
5- url : https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484
5+ url : https://nvd.nist.gov/vuln/detail/CVE-2026-33637
66title : Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2 -
77 protocol-relative URI objects still bypass host scoping
88date : 2026-05-18
@@ -31,7 +31,7 @@ description: |
3131 that believe they are constrained to a fixed base URL. If the
3232 connection carries default headers or query parameters, those
3333 values are forwarded to the attacker-selected host.
34- cvss_v3 : 0.0
34+ cvss_v3 : 6.5
3535unaffected_versions :
3636 - " < 2.0.0"
3737patched_versions :
@@ -43,5 +43,3 @@ related:
4343 - https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484
4444 - https://github.com/advisories/GHSA-33mh-2634-fwr2
4545 - https://github.com/advisories/GHSA-5rv5-xj5j-3484
46- notes : |
47- - ZERO CVSS value in GHSA and NVD
Original file line number Diff line number Diff line change @@ -51,6 +51,7 @@ patched_versions:
5151 - " >= 3.2.0"
5252related :
5353 url :
54+ - https://www.cve.org/CVERecord?id=CVE-2026-45363
5455 - https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x
5556 - https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f
5657 - https://github.com/jwt/ruby-jwt/releases/tag/v3.2.0
Original file line number Diff line number Diff line change 106106 it { expect ( subject ) . to be_kind_of ( String ) }
107107 it { expect ( subject ) . to_not match ( %r{\A http(s)?://osvdb\. org} ) }
108108 it { expect ( subject ) . not_to be_empty }
109+
110+ it "has a filename that matches the root of the url field" do
111+ url = advisory [ "url" ]
112+
113+ filename_root = File . basename ( path , ".yml" )
114+
115+ # 5/24/2026: May 9, 2026 is earliest start date with no failed checks.
116+ start_date = Date . new ( 2026 , 5 , 9 )
117+ if advisory [ "date" ] >= start_date and !filename_root . start_with? ( "OSVDB" )
118+ expect ( url ) . to include ( filename_root )
119+ end
120+ end
109121 end
110122
111123 describe "title" do
You can’t perform that action at this time.
0 commit comments