Skip to content

Commit c9864f1

Browse files
authored
Merge pull request #1129 from connorshea/fix-cvss-score
Fix CVSS v3 and v4 parsing/output in GitHub advisory sync. The changes were straightforward so I think it is safe for me to merge this PR.
2 parents 54d6a41 + f84b31b commit c9864f1

78 files changed

Lines changed: 105 additions & 8 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

gems/action_text-trix/GHSA-53p3-c7vp-4mcc.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ description: |
3434
3535
The XSS vulnerability was responsibly reported by Hackerone
3636
researcher [newbiefromcoma](https://hackerone.com/newbiefromcoma).
37+
cvss_v4: 2.1
3738
patched_versions:
3839
- ">= 2.1.18"
3940
related:

gems/actionmailer/CVE-2024-47889.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ description: |
3434
##Credits
3535
3636
Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!
37+
cvss_v4: 6.6
3738
unaffected_versions:
3839
- "< 3.0.0"
3940
patched_versions:

gems/actionpack/CVE-2024-47887.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ description: |
3636
## Credits
3737
3838
Thanks to [scyoon](https://hackerone.com/scyoon) for reporting
39+
cvss_v4: 6.6
3940
unaffected_versions:
4041
- "< 4.0.0"
4142
patched_versions:

gems/actionpack/CVE-2026-33167.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ description: |
1515
1616
### Releases
1717
The fixed releases are available at the normal locations.
18+
cvss_v4: 1.3
1819
unaffected_versions:
1920
- "< 8.1.0"
2021
patched_versions:

gems/actiontext/CVE-2024-32464.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,7 @@ description: |
4646
4747
Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!
4848
cvss_v3: 6.1
49+
cvss_v4: 5.1
4950
unaffected_versions:
5051
- "< 7.1.0"
5152
patched_versions:

gems/actiontext/CVE-2024-47888.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@ description: |
3535
## Credits
3636
3737
Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!
38+
cvss_v4: 6.6
3839
unaffected_versions:
3940
- "< 6.0.0"
4041
patched_versions:

gems/actionview/CVE-2026-33168.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ description: |
1515
1616
### Releases
1717
The fixed releases are available at the normal locations.
18+
cvss_v4: 2.3
1819
patched_versions:
1920
- "~> 7.2.3, >= 7.2.3.1"
2021
- "~> 8.0.4, >= 8.0.4.1"

gems/activejob/GHSA-mpwp-4h2m-765c.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ description: |
1515
We also fixed an Active Job bug that allowed String
1616
arguments to be deserialized as if they were Global IDs,
1717
an object injection security vulnerability.
18+
cvss_v4: 6.6
1819
patched_versions:
1920
- ">= 4.2.0.beta2"
2021
related:

gems/activerecord-jdbc-adapter/GHSA-5qw5-wf2q-f538.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ description: |
1414
using it in SQL queries. This may allow a remote attacker to inject or
1515
manipulate SQL queries in the back-end database, allowing for the
1616
manipulation or disclosure of arbitrary data.
17+
cvss_v4: 8.8
1718
unaffected_versions:
1819
- "< 1.2.6"
1920
patched_versions:

gems/activerecord/CVE-2013-3221.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ description: |
2121
But "Indeed the vector is completely fixed as of Rails 4.2 almost
2222
two years after the original advisory."
2323
cvss_v2: 6.4
24+
cvss_v4: 9.3
2425
patched_versions:
2526
- ">= 4.2.0"
2627
related:

0 commit comments

Comments
 (0)