Updated advisory posts against rubysec/ruby-advisory-db@446f848

jasnow · RubySec CI · commit 8799dbaf249c · 2024-08-03T02:22:48.000Z
diff --git a/advisories/_posts/2016-07-27-CVE-2016-10735.md b/advisories/_posts/2016-07-27-CVE-2016-10735.md
@@ -7,6 +7,7 @@ categories:
 advisory:
   gem: bootstrap
   cve: 2016-10735
+  ghsa: 4p24-vmcr-4gqj
   url: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
   title: XSS vulnerability via data-target in bootstrap
   date: 2016-07-27
diff --git a/advisories/_posts/2019-01-17-CVE-2018-20676.md b/advisories/_posts/2019-01-17-CVE-2018-20676.md
@@ -0,0 +1,38 @@
+---
+layout: advisory
+title: 'CVE-2018-20676 (bootstrap): XSS vulnerability that affects bootstrap'
+comments: false
+categories:
+- bootstrap
+advisory:
+  gem: bootstrap
+  cve: 2018-20676
+  ghsa: 3mgp-fx93-9xv5
+  url: https://github.com/advisories/GHSA-3mgp-fx93-9xv5
+  title: XSS vulnerability that affects bootstrap
+  date: 2019-01-17
+  description: |
+    In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport
+    attribute.
+  cvss_v2: 4.3
+  cvss_v3: 6.1
+  patched_versions:
+  - ">= 3.4.0"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20676
+    - https://github.com/twbs/bootstrap/issues/27044
+    - https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
+    - https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
+    - https://github.com/twbs/bootstrap/pull/27047
+    - https://access.redhat.com/errata/RHBA-2019:1076
+    - https://access.redhat.com/errata/RHBA-2019:1570
+    - https://access.redhat.com/errata/RHSA-2019:1456
+    - https://access.redhat.com/errata/RHSA-2019:3023
+    - https://access.redhat.com/errata/RHSA-2020:0132
+    - https://access.redhat.com/errata/RHSA-2020:0133
+    - https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@
+    - https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+    - https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
+    - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
+---
diff --git a/advisories/_posts/2019-01-17-CVE-2018-20677.md b/advisories/_posts/2019-01-17-CVE-2018-20677.md
@@ -0,0 +1,39 @@
+---
+layout: advisory
+title: 'CVE-2018-20677 (bootstrap): bootstrap Cross-site Scripting vulnerability'
+comments: false
+categories:
+- bootstrap
+advisory:
+  gem: bootstrap
+  cve: 2018-20677
+  ghsa: ph58-4vrj-w6hr
+  url: https://github.com/advisories/GHSA-ph58-4vrj-w6hr
+  title: bootstrap Cross-site Scripting vulnerability
+  date: 2019-01-17
+  description: |
+    In Bootstrap before 3.4.0, XSS is possible in the affix
+    configuration target property.
+  cvss_v2: 4.3
+  cvss_v3: 6.1
+  patched_versions:
+  - ">= 3.4.0"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20677
+    - https://github.com/twbs/bootstrap/issues/27045
+    - https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
+    - https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
+    - https://github.com/twbs/bootstrap/pull/27047
+    - https://access.redhat.com/errata/RHBA-2019:1076
+    - https://access.redhat.com/errata/RHBA-2019:1570
+    - https://access.redhat.com/errata/RHSA-2019:1456
+    - https://access.redhat.com/errata/RHSA-2019:3023
+    - https://access.redhat.com/errata/RHSA-2020:0132
+    - https://access.redhat.com/errata/RHSA-2020:0133
+    - https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@
+    - https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@
+    - https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+    - https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
+    - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
+---
diff --git a/advisories/_posts/2024-07-11-CVE-2024-6484.md b/advisories/_posts/2024-07-11-CVE-2024-6484.md
@@ -0,0 +1,31 @@
+---
+layout: advisory
+title: 'CVE-2024-6484 (bootstrap): Bootstrap Cross-Site Scripting (XSS) vulnerability'
+comments: false
+categories:
+- bootstrap
+advisory:
+  gem: bootstrap
+  cve: 2024-6484
+  ghsa: 9mvj-f7w8-pvh2
+  url: https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
+  title: Bootstrap Cross-Site Scripting (XSS) vulnerability
+  date: 2024-07-11
+  description: |
+    A vulnerability has been identified in Bootstrap that exposes users
+    to Cross-Site Scripting (XSS) attacks. The issue is present in the
+    carousel component, where the data-slide and data-slide-to attributes
+    can be exploited through the href attribute of an <a> tag due to
+    inadequate sanitization. This vulnerability could potentially enable
+    attackers to execute arbitrary JavaScript within the victim's browser.
+  cvss_v3: 6.4
+  unaffected_versions:
+  - "< 2.0.0"
+  patched_versions:
+  - "> 3.4.1"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6484
+    - https://www.herodevs.com/vulnerability-directory/cve-2024-6484
+    - https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
+---
diff --git a/advisories/_posts/2024-07-11-CVE-2024-6531.md b/advisories/_posts/2024-07-11-CVE-2024-6531.md
@@ -0,0 +1,31 @@
+---
+layout: advisory
+title: 'CVE-2024-6531 (bootstrap): Bootstrap Cross-Site Scripting (XSS) vulnerability'
+comments: false
+categories:
+- bootstrap
+advisory:
+  gem: bootstrap
+  cve: 2024-6531
+  ghsa: vc8w-jr9v-vj7f
+  url: https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
+  title: Bootstrap Cross-Site Scripting (XSS) vulnerability
+  date: 2024-07-11
+  description: |
+    A vulnerability has been identified in Bootstrap that exposes users
+    to Cross-Site Scripting (XSS) attacks. The issue is present in the
+    carousel component, where the data-slide and data-slide-to attributes
+    can be exploited through the href attribute of an <a> tag due to
+    inadequate sanitization. This vulnerability could potentially enable
+    attackers to execute arbitrary JavaScript within the victim's browser.
+  cvss_v3: 6.4
+  unaffected_versions:
+  - "< 4.0.0"
+  patched_versions:
+  - "> 4.6.2"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6531
+    - https://www.herodevs.com/vulnerability-directory/cve-2024-6531
+    - https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
+---
diff --git a/advisories/_posts/2024-08-01-CVE-2024-41123.md b/advisories/_posts/2024-08-01-CVE-2024-41123.md
@@ -7,6 +7,7 @@ categories:
 advisory:
   gem: rexml
   cve: 2024-41123
+  ghsa: r55c-59qm-vjw6
   url: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
   title: DoS vulnerabilities in REXML
   date: 2024-08-01
@@ -33,6 +34,7 @@ advisory:
     ## History
 
     Originally published at 2024-08-01 03:00:00 (UTC)
+  cvss_v3: 5.3
   patched_versions:
   - ">= 3.3.3"
   related:
