From 85965d85a881adeca994131d20f01f25ee30533f Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 12 Jan 2026 16:29:02 -0500 Subject: [PATCH 1/2] Add ghsa: field if GHSA url is already there --- rubies/mruby/CVE-2017-9527.yml | 5 +++-- rubies/mruby/CVE-2018-10191.yml | 1 + rubies/mruby/CVE-2018-10199.yml | 1 + rubies/mruby/CVE-2018-11743.yml | 1 + rubies/mruby/CVE-2018-12247.yml | 1 + rubies/mruby/CVE-2018-12248.yml | 1 + rubies/mruby/CVE-2018-12249.yml | 1 + rubies/mruby/CVE-2018-14337.yml | 1 + rubies/mruby/CVE-2020-15866.yml | 1 + rubies/mruby/CVE-2020-6838.yml | 1 + rubies/mruby/CVE-2020-6839.yml | 1 + rubies/mruby/CVE-2020-6840.yml | 1 + rubies/mruby/CVE-2021-4110.yml | 1 + rubies/mruby/CVE-2021-4188.yml | 1 + rubies/mruby/CVE-2021-46023.yml | 1 + rubies/mruby/CVE-2022-0080.yml | 1 + rubies/mruby/CVE-2022-0240.yml | 1 + rubies/mruby/CVE-2022-0326.yml | 1 + rubies/mruby/CVE-2022-0481.yml | 1 + rubies/mruby/CVE-2022-0525.yml | 1 + rubies/mruby/CVE-2022-0570.yml | 1 + rubies/mruby/CVE-2022-0614.yml | 1 + rubies/mruby/CVE-2022-0623.yml | 1 + rubies/mruby/CVE-2022-0630.yml | 1 + rubies/mruby/CVE-2022-0631.yml | 1 + rubies/mruby/CVE-2022-0632.yml | 1 + rubies/mruby/CVE-2022-0717.yml | 1 + rubies/mruby/CVE-2022-0890.yml | 1 + rubies/mruby/CVE-2022-1071.yml | 1 + rubies/mruby/CVE-2022-1106.yml | 1 + rubies/mruby/CVE-2022-1201.yml | 1 + rubies/mruby/CVE-2022-1212.yml | 1 + rubies/mruby/CVE-2022-1276.yml | 1 + rubies/mruby/CVE-2022-1286.yml | 1 + rubies/mruby/CVE-2022-1427.yml | 1 + rubies/mruby/CVE-2022-1934.yml | 3 ++- rubies/ruby/CVE-2017-17790.yml | 27 ++++++++++++++------------- 37 files changed, 53 insertions(+), 16 deletions(-) diff --git a/rubies/mruby/CVE-2017-9527.yml b/rubies/mruby/CVE-2017-9527.yml index d8bb4d13a5..bd7ae7d65e 100644 --- a/rubies/mruby/CVE-2017-9527.yml +++ b/rubies/mruby/CVE-2017-9527.yml 
@@ -1,6 +1,7 @@ --- engine: mruby cve: 2017-9527 +ghsa: fxr6-v647-jgmq url: https://github.com/mruby/mruby/issues/3486 title: Heap use-after-free in mark_context_stack date: 2017-06-11 @@ -20,5 +21,5 @@ related: - https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99 - https://github.com/advisories/GHSA-fxr6-v647-jgmq - https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html - - https://ubuntu.com/security/CVE-2017-9527 (google search) - - https://www.rapid7.com/db/vulnerabilities/debian-cve-2017-9527 (google search) + - https://ubuntu.com/security/CVE-2017-9527 + - https://www.rapid7.com/db/vulnerabilities/debian-cve-2017-9527 diff --git a/rubies/mruby/CVE-2018-10191.yml b/rubies/mruby/CVE-2018-10191.yml index ac69948f8e..4204bc8206 100644 --- a/rubies/mruby/CVE-2018-10191.yml +++ b/rubies/mruby/CVE-2018-10191.yml @@ -1,6 +1,7 @@ --- engine: mruby cve: 2018-10191 +ghsa: 444w-xm89-r2p5 url: https://github.com/mruby/mruby/issues/3995 title: Use after free caused by integer overflow in environment stack date: 2018-04-17 diff --git a/rubies/mruby/CVE-2018-10199.yml b/rubies/mruby/CVE-2018-10199.yml index 311d82b5c4..b67ca6267b 100644 --- a/rubies/mruby/CVE-2018-10199.yml +++ b/rubies/mruby/CVE-2018-10199.yml @@ -1,6 +1,7 @@ --- engine: mruby cve: 2018-10199 +ghsa: xpq9-m45f-g29q url: https://github.com/mruby/mruby/issues/4001 title: Use after free in File#initilialize_copy date: 2018-04-18 diff --git a/rubies/mruby/CVE-2018-11743.yml b/rubies/mruby/CVE-2018-11743.yml index 035e50e607..047b100883 100644 --- a/rubies/mruby/CVE-2018-11743.yml +++ b/rubies/mruby/CVE-2018-11743.yml @@ -1,6 +1,7 @@ --- engine: mruby cve: 2018-11743 +ghsa: 7w9j-h3hj-wc9g url: https://github.com/mruby/mruby/issues/4027 title: Use of uninitialized pointer in mrb_hash_keys date: 2018-06-05 diff --git a/rubies/mruby/CVE-2018-12247.yml b/rubies/mruby/CVE-2018-12247.yml index e8a29389b8..6c5a4ebb26 100644 --- a/rubies/mruby/CVE-2018-12247.yml 
+++ b/rubies/mruby/CVE-2018-12247.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-12247
+ghsa: 8j6c-c99j-fh4c
 url: https://github.com/mruby/mruby/issues/4036
 title: Null pointer dereference in mrb_class
 date: 2018-06-12
diff --git a/rubies/mruby/CVE-2018-12248.yml b/rubies/mruby/CVE-2018-12248.yml
index ebc87a2c7a..7b82250ccc 100644
--- a/rubies/mruby/CVE-2018-12248.yml
+++ b/rubies/mruby/CVE-2018-12248.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-12248
+ghsa: 96p2-24jg-gc5w
 url: https://github.com/mruby/mruby/issues/4038
 title: Heap buffer overflow in OP_ENTER
 date: 2018-06-12
diff --git a/rubies/mruby/CVE-2018-12249.yml b/rubies/mruby/CVE-2018-12249.yml
index 0b1d050dfc..522864d2ec 100644
--- a/rubies/mruby/CVE-2018-12249.yml
+++ b/rubies/mruby/CVE-2018-12249.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-12249
+ghsa: 3h2j-h4g8-5pmr
 url: https://github.com/mruby/mruby/issues/4037
 title: Null pointer dereference in mrb_class_real
 date: 2018-06-12
diff --git a/rubies/mruby/CVE-2018-14337.yml b/rubies/mruby/CVE-2018-14337.yml
index c2bfc604a5..8455f1eec4 100644
--- a/rubies/mruby/CVE-2018-14337.yml
+++ b/rubies/mruby/CVE-2018-14337.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-14337
+ghsa: hrqc-789v-hchf
 url: https://github.com/mruby/mruby/issues/4062
 title: Signed integer overflow in mrb_str_format
 date: 2018-07-17
diff --git a/rubies/mruby/CVE-2020-15866.yml b/rubies/mruby/CVE-2020-15866.yml
index 6956a652c5..5741415c90 100644
--- a/rubies/mruby/CVE-2020-15866.yml
+++ b/rubies/mruby/CVE-2020-15866.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-15866
+ghsa: 4f9x-p86g-x88m
 url: https://github.com/mruby/mruby/issues/5042
 title: Heap buffer overflow in mruby interpreter
 date: 2020-07-21
diff --git a/rubies/mruby/CVE-2020-6838.yml b/rubies/mruby/CVE-2020-6838.yml
index 2f1aa3a528..4997407008 100644
--- a/rubies/mruby/CVE-2020-6838.yml
+++ b/rubies/mruby/CVE-2020-6838.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-6838
+ghsa: 97qv-pm76-mg98
 url: https://github.com/mruby/mruby/issues/4926
 title: heap use after free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c
 date: 2020-01-11
diff --git a/rubies/mruby/CVE-2020-6839.yml b/rubies/mruby/CVE-2020-6839.yml
index 2e9697b853..973b954191 100644
--- a/rubies/mruby/CVE-2020-6839.yml
+++ b/rubies/mruby/CVE-2020-6839.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-6839
+ghsa: 24vp-v896-cq3c
 url: https://github.com/mruby/mruby/issues/4929
 title: stack overflow in mrb_str_len_to_dbl in src/string.c
 date: 2020-01-11
diff --git a/rubies/mruby/CVE-2020-6840.yml b/rubies/mruby/CVE-2020-6840.yml
index e39f8cf81d..ee201aad8a 100644
--- a/rubies/mruby/CVE-2020-6840.yml
+++ b/rubies/mruby/CVE-2020-6840.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-6840
+ghsa: 4v2f-5xhv-8ff4
 url: https://github.com/mruby/mruby/issues/4927
 title: heap use after free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c
 date: 2020-01-11
diff --git a/rubies/mruby/CVE-2021-4110.yml b/rubies/mruby/CVE-2021-4110.yml
index 26cb61bc9c..41e5f6012a 100644
--- a/rubies/mruby/CVE-2021-4110.yml
+++ b/rubies/mruby/CVE-2021-4110.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2021-4110
+ghsa: xvhr-qprg-rjpw
 url: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
 title: NULL Pointer Dereference in mruby/mruby
 date: 2021-12-15
diff --git a/rubies/mruby/CVE-2021-4188.yml b/rubies/mruby/CVE-2021-4188.yml
index e5cf72830e..029b5e5a02 100644
--- a/rubies/mruby/CVE-2021-4188.yml
+++ b/rubies/mruby/CVE-2021-4188.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2021-4188
+ghsa: wc43-284g-pqr5
 url: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
 title: NULL Pointer Dereference in mruby/mruby
 date: 2021-12-30
diff --git a/rubies/mruby/CVE-2021-46023.yml b/rubies/mruby/CVE-2021-46023.yml
index a53ef3f9fc..8a0d12709e 100644
--- a/rubies/mruby/CVE-2021-46023.yml
+++ b/rubies/mruby/CVE-2021-46023.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2021-46023
+ghsa: 4g9q-c75g-jq7q
 url: https://nvd.nist.gov/vuln/detail/CVE-2021-46023
 title: https://github.com/mruby/mruby/issues/5613
 date: 2023-02-14
diff --git a/rubies/mruby/CVE-2022-0080.yml b/rubies/mruby/CVE-2022-0080.yml
index 78eb7f1c14..19f5b73076 100644
--- a/rubies/mruby/CVE-2022-0080.yml
+++ b/rubies/mruby/CVE-2022-0080.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0080
+ghsa: 8vcc-hrhr-q8hf
 url: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e
 title: Heap-based Buffer Overflow in mruby/mruby
 date: 2022-01-02
diff --git a/rubies/mruby/CVE-2022-0240.yml b/rubies/mruby/CVE-2022-0240.yml
index bc6e0e4e63..a204efa247 100644
--- a/rubies/mruby/CVE-2022-0240.yml
+++ b/rubies/mruby/CVE-2022-0240.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0240
+ghsa: r744-r36f-363j
 url: https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-01-17
diff --git a/rubies/mruby/CVE-2022-0326.yml b/rubies/mruby/CVE-2022-0326.yml
index 0029033488..69f2b02d92 100644
--- a/rubies/mruby/CVE-2022-0326.yml
+++ b/rubies/mruby/CVE-2022-0326.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0326
+ghsa: 54p3-947h-6fpr
 url: https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-01-21
diff --git a/rubies/mruby/CVE-2022-0481.yml b/rubies/mruby/CVE-2022-0481.yml
index 4ca525d876..039a1dc8e6 100644
--- a/rubies/mruby/CVE-2022-0481.yml
+++ b/rubies/mruby/CVE-2022-0481.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0481
+ghsa: h8gw-f6pq-8cg5
 url: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-02-04
diff --git a/rubies/mruby/CVE-2022-0525.yml b/rubies/mruby/CVE-2022-0525.yml
index 77b6a0c4b3..c3af2c755c 100644
--- a/rubies/mruby/CVE-2022-0525.yml
+++ b/rubies/mruby/CVE-2022-0525.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0525
+ghsa: 6cpj-3r2r-v2m4
 url: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-09
diff --git a/rubies/mruby/CVE-2022-0570.yml b/rubies/mruby/CVE-2022-0570.yml
index 3b59017653..de3254c098 100644
--- a/rubies/mruby/CVE-2022-0570.yml
+++ b/rubies/mruby/CVE-2022-0570.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0570
+ghsa: 69j8-4j47-xjj7
 url: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
 title: Heap-based Buffer Overflow in mruby/mruby
 date: 2022-02-14
diff --git a/rubies/mruby/CVE-2022-0614.yml b/rubies/mruby/CVE-2022-0614.yml
index a135e5f7b2..10505fba04 100644
--- a/rubies/mruby/CVE-2022-0614.yml
+++ b/rubies/mruby/CVE-2022-0614.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0614
+ghsa: rr79-wxqv-v9vq
 url: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
 title: Use of Out-of-range Pointer Offset in mruby/mruby
 date: 2022-02-16
diff --git a/rubies/mruby/CVE-2022-0623.yml b/rubies/mruby/CVE-2022-0623.yml
index c633a630b4..70aecb3a76 100644
--- a/rubies/mruby/CVE-2022-0623.yml
+++ b/rubies/mruby/CVE-2022-0623.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0623
+ghsa: ff35-7f56-3w6p
 url: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-17
diff --git a/rubies/mruby/CVE-2022-0630.yml b/rubies/mruby/CVE-2022-0630.yml
index db623b9611..2331ed1ab5 100644
--- a/rubies/mruby/CVE-2022-0630.yml
+++ b/rubies/mruby/CVE-2022-0630.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0630
+ghsa: f46c-4g24-cvr4
 url: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-19
diff --git a/rubies/mruby/CVE-2022-0631.yml b/rubies/mruby/CVE-2022-0631.yml
index e1afe08a11..cea42f77c2 100644
--- a/rubies/mruby/CVE-2022-0631.yml
+++ b/rubies/mruby/CVE-2022-0631.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0631
+ghsa: hv83-f8w5-chhv
 url: https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40
 title: Heap-based Buffer Overflow in mruby/mruby
 date: 2022-02-18
diff --git a/rubies/mruby/CVE-2022-0632.yml b/rubies/mruby/CVE-2022-0632.yml
index 801747e52d..92f2b0ecd7 100644
--- a/rubies/mruby/CVE-2022-0632.yml
+++ b/rubies/mruby/CVE-2022-0632.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0632
+ghsa: 3xxj-pcr2-rvh7
 url: https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-02-19
diff --git a/rubies/mruby/CVE-2022-0717.yml b/rubies/mruby/CVE-2022-0717.yml
index e3dedcabee..a4ab910259 100644
--- a/rubies/mruby/CVE-2022-0717.yml
+++ b/rubies/mruby/CVE-2022-0717.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0717
+ghsa: 9543-hpcg-326v
 url: https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-23
diff --git a/rubies/mruby/CVE-2022-0890.yml b/rubies/mruby/CVE-2022-0890.yml
index 15c3944e53..20ce3f6341 100644
--- a/rubies/mruby/CVE-2022-0890.yml
+++ b/rubies/mruby/CVE-2022-0890.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0890
+ghsa: j279-7379-x7mj
 url: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-03-10
diff --git a/rubies/mruby/CVE-2022-1071.yml b/rubies/mruby/CVE-2022-1071.yml
index 88b7b4757f..d023221386 100644
--- a/rubies/mruby/CVE-2022-1071.yml
+++ b/rubies/mruby/CVE-2022-1071.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1071
+ghsa: pv86-xgr9-75fj
 url: https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3
 title: User after free in mrb_vm_exec in mruby/mruby
 date: 2022-03-26
diff --git a/rubies/mruby/CVE-2022-1106.yml b/rubies/mruby/CVE-2022-1106.yml
index 6ee2794fc7..771b56d106 100644
--- a/rubies/mruby/CVE-2022-1106.yml
+++ b/rubies/mruby/CVE-2022-1106.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1106
+ghsa: r2j8-v967-j6h6
 url: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
 title: Use after free in mrb_vm_exec in mruby/mruby
 date: 2022-03-27
diff --git a/rubies/mruby/CVE-2022-1201.yml b/rubies/mruby/CVE-2022-1201.yml
index 4c03a7ff26..078f651760 100644
--- a/rubies/mruby/CVE-2022-1201.yml
+++ b/rubies/mruby/CVE-2022-1201.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1201
+ghsa: p2wj-9vfc-2xj7
 url: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
 title: NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby
 date: 2022-04-02
diff --git a/rubies/mruby/CVE-2022-1212.yml b/rubies/mruby/CVE-2022-1212.yml
index 63f3d0a255..eb90231492 100644
--- a/rubies/mruby/CVE-2022-1212.yml
+++ b/rubies/mruby/CVE-2022-1212.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1212
+ghsa: xh66-6mj6-94rg
 url: https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe
 title: Use-After-Free in str_escape in mruby/mruby in mruby/mruby
 date: 2022-04-05
diff --git a/rubies/mruby/CVE-2022-1276.yml b/rubies/mruby/CVE-2022-1276.yml
index f7be3d344a..316b05987a 100644
--- a/rubies/mruby/CVE-2022-1276.yml
+++ b/rubies/mruby/CVE-2022-1276.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1276
+ghsa: 66hc-pc5r-hwjr
 url: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
 title: Out-of-bounds Read in mrb_get_args in mruby/mruby
 date: 2022-04-10
diff --git a/rubies/mruby/CVE-2022-1286.yml b/rubies/mruby/CVE-2022-1286.yml
index 3110241b61..c1a9dade24 100644
--- a/rubies/mruby/CVE-2022-1286.yml
+++ b/rubies/mruby/CVE-2022-1286.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1286
+ghsa: 6c7w-5xfj-j2mc
 url: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189
 title: heap-buffer-overflow in mrb_vm_exec in mruby/mruby in mruby/mruby
 date: 2022-04-10
diff --git a/rubies/mruby/CVE-2022-1427.yml b/rubies/mruby/CVE-2022-1427.yml
index f5d9b5c8f6..6150126618 100644
--- a/rubies/mruby/CVE-2022-1427.yml +++ b/rubies/mruby/CVE-2022-1427.yml @@ -1,6 +1,7 @@ --- engine: mruby cve: 2022-1427 +ghsa: 45gc-6g92-9g2j url: https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301 title: Out-of-bounds Read in mrb_obj_is_kind_of in in mruby/mruby date: 2022-04-23 diff --git a/rubies/mruby/CVE-2022-1934.yml b/rubies/mruby/CVE-2022-1934.yml index a6d11f35ed..3306a96000 100644 --- a/rubies/mruby/CVE-2022-1934.yml +++ b/rubies/mruby/CVE-2022-1934.yml @@ -1,6 +1,7 @@ --- engine: mruby cve: 2022-1934 +ghsa: hp4r-26gw-f2r8 url: https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f title: Use-After-Free in function hash_new_from_values in mruby/mruby date: 2022-05-31 @@ -16,4 +17,4 @@ related: - https://nvd.nist.gov/vuln/detail/CVE-2022-1934 - https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce - https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f - - https://github.com/advisories/GHSA-hp4r-26gw-f2r8.json + - https://github.com/advisories/GHSA-hp4r-26gw-f2r8 diff --git a/rubies/ruby/CVE-2017-17790.yml b/rubies/ruby/CVE-2017-17790.yml index 4b9011f760..66831c1739 100644 --- a/rubies/ruby/CVE-2017-17790.yml +++ b/rubies/ruby/CVE-2017-17790.yml @@ -1,6 +1,7 @@ --- engine: ruby cve: 2017-17790 +ghsa: 47cm-jxff-w8wg url: https://nvd.nist.gov/vuln/detail/CVE-2017-17790 title: The lazy_initialize function in lib/resolv.rb in Ruby date: 2017-12-20 
@@ -20,16 +21,16 @@ patched_versions: - "~> 2.2.8" - "~> 2.3.5" - ">= 2.4.3" -# related: -# url: -# - https://nvd.nist.gov/vuln/detail/CVE-2017-17790 -# - https://github.com/ruby/ruby/pull/1777 -# - https://access.redhat.com/errata/RHSA-2018:0378 -# - https://access.redhat.com/errata/RHSA-2018:0583 -# - https://access.redhat.com/errata/RHSA-2018:0584 -# - https://access.redhat.com/errata/RHSA-2018:0585 -# - https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html -# - https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html -# - https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html -# - https://www.debian.org/security/2018/dsa-4259 -# - https://github.com/advisories/GHSA-qf67-vmxx-gp4jGHSA-47cm-jxff-w8wg.json +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2017-17790 + - https://github.com/ruby/ruby/pull/1777 + - https://access.redhat.com/errata/RHSA-2018:0378 + - https://access.redhat.com/errata/RHSA-2018:0583 + - https://access.redhat.com/errata/RHSA-2018:0584 + - https://access.redhat.com/errata/RHSA-2018:0585 + - https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html + - https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html + - https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html + - https://www.debian.org/security/2018/dsa-4259 + - https://github.com/advisories/GHSA-qf67-vmxx-gp4j From 4c186eee333938564b28fd33a27b2734e39af64d Mon Sep 17 00:00:00 2001 From: Al Snow <43523+jasnow@users.noreply.github.com> Date: Mon, 12 Jan 2026 19:06:48 -0500 Subject: [PATCH 2/2] Update CVE-2017-17790.yml to remove old link Removed outdated GitHub advisory link. --- rubies/ruby/CVE-2017-17790.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rubies/ruby/CVE-2017-17790.yml b/rubies/ruby/CVE-2017-17790.yml index d6f7dc5d89..67d639ff82 100644 --- a/rubies/ruby/CVE-2017-17790.yml +++ b/rubies/ruby/CVE-2017-17790.yml 
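Review bot: The last entry of the uncommented `related:` list is `https://github.com/advisories/GHSA-qf67-vmxx-gp4j`, which does not match the `ghsa: 47cm-jxff-w8wg` field this patch adds at the top of the same file. The commented-out original had two ids run together in one URL (`GHSA-qf67-vmxx-gp4jGHSA-47cm-jxff-w8wg.json`), and only the first survived here. PATCH 2/2 drops the qf67 link, but its context already contains a `GHSA-47cm-jxff-w8wg` line that this hunk never adds, and its pre-image blob (d6f7dc5d89) differs from this patch's result (66831c1739), so the matching link seems to come from an edit not shown in the series. Ending the list with `- https://github.com/advisories/GHSA-47cm-jxff-w8wg` in this patch would keep the `ghsa:` field and its advisory link consistent at every commit.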
@@ -33,5 +33,4 @@ related: - https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html - https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html - https://www.debian.org/security/2018/dsa-4259 - - https://github.com/advisories/GHSA-qf67-vmxx-gp4j - https://github.com/advisories/GHSA-47cm-jxff-w8wg