Commit 1f1b9c8

GHSA SYNC: 1 modified advisory (#977)
1 parent c4bceda commit 1f1b9c8

1 file changed

+12
-0
lines changed

rubies/ruby/CVE-2024-27282.yml

Lines changed: 12 additions & 0 deletions
@@ -1,6 +1,7 @@
11
---
22
engine: ruby
33
cve: 2024-27282
4+
ghsa: 63cq-cj6g-qfr2
45
url: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
56
title: Arbitrary memory address read vulnerability with Regex search
67
date: 2024-04-23
@@ -15,8 +16,19 @@ description: |
1516
* For Ruby 3.1 users: Update to 3.1.5
1617
* For Ruby 3.2 users: Update to 3.2.4
1718
* For Ruby 3.3 users: Update to 3.3.1
19+
cvss_v3: 6.6
1820
patched_versions:
1921
- "~> 3.0.7"
2022
- "~> 3.1.5"
2123
- "~> 3.2.4"
2224
- ">= 3.3.1"
25+
related:
26+
url:
27+
- https://nvd.nist.gov/vuln/detail/CVE-2024-27282
28+
- https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282
29+
- https://hackerone.com/reports/2122624
30+
- https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html
31+
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF
32+
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYDHPHEZI7OQXTQKTDZHGZNPIJH7ZV5N
33+
- https://security.netapp.com/advisory/ntap-20241011-0007
34+
- https://github.com/advisories/GHSA-63cq-cj6g-qfr2
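
Review bot: The second entry under `related: url:` duplicates the advisory's existing top-level `url:` field (the ruby-lang.org news post), differing only by the missing trailing slash, so it adds no new reference; drop it from the list or normalise the sync so the primary URL is filtered out before the related list is written. Separately, `cvss_v3: 6.6` is added as a bare score with no vector string, so a reader cannot tell which metrics produced it; confirm the value against the NVD entry listed in the same hunk before merging.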
