Updated advisory posts against rubysec/ruby-advisory-db@0d91567

rubysec · May 30, 2024 · 5f9d7cd · 5f9d7cd
1 parent 9d4a484
commit 5f9d7cd
Show file tree

Hide file tree

Showing 2 changed files with 114 additions and 0 deletions.
diff --git a/advisories/_posts/2024-05-27-CVE-2024-32978.md b/advisories/_posts/2024-05-27-CVE-2024-32978.md
@@ -0,0 +1,69 @@
+---
+layout: advisory
+title: 'CVE-2024-32978 (kaminari): Insecure File Permissions vulnerability in kaminari'
+comments: false
+categories:
+- kaminari
+advisory:
+  gem: kaminari
+  cve: 2024-32978
+  ghsa: 7r3j-qmr4-jfpj
+  url: https://nvd.nist.gov/vuln/detail/CVE-2024-32978
+  title: Insecure File Permissions vulnerability in kaminari
+  date: 2024-05-27
+  description: |
+    kaminari versions prior to 0.16.2 are vulnerable to an Insecure File
+    Permissions vulnerability, where certain files within the kaminari gem have
+    insecure file permissions.
+
+    Versions Affected: < 0.16.2
+    Fixed Versions: >= 0.16.2
+
+    # Impact
+
+    An attacker with local access could write arbitrary code to the affected files
+    resulting in arbitrary code execution.
+
+    # Releases
+
+    The fixed releases are available at the normal locations.
+
+    # Workarounds
+
+    Manually set the permissions of the affected files to `644`.
+
+    ## All Affected Versions:
+
+    ```
+    lib/kaminari/models/page_scope_methods.rb
+    ```
+
+    ## Version 0.15.0 and 0.15.1:
+
+    ```
+    spec/models/mongo_mapper/mongo_mapper_spec.rb
+    ```
+
+    ## Version 0.16.0:
+
+    ```
+    spec/models/mongo_mapper/mongo_mapper_spec.rb
+    spec/models/mongoid/mongoid_spec.rb
+    ```
+
+    ## Version 0.16.1:
+
+    ```
+    spec/models/active_record/scopes_spec.rb
+    spec/models/mongo_mapper/mongo_mapper_spec.rb
+    spec/models/mongoid/mongoid_spec.rb
+    gemfiles/data_mapper_12.gemfile
+    gemfiles/active_record_32.gemfile
+    ```
+  cvss_v3: 6.6
+  patched_versions:
+  - ">= 0.16.2"
+  related:
+    url:
+    - https://github.com/kaminari/kaminari/security/advisories/GHSA-7r3j-qmr4-jfpj
+---
diff --git a/advisories/_posts/2024-05-27-CVE-2024-35231.md b/advisories/_posts/2024-05-27-CVE-2024-35231.md
@@ -0,0 +1,45 @@
+---
+layout: advisory
+title: 'CVE-2024-35231 (rack-contrib): Denial of Service in rack-contrib via "profiler_runs"
+  parameter'
+comments: false
+categories:
+- rack-contrib
+advisory:
+  gem: rack-contrib
+  cve: 2024-35231
+  ghsa: 8c8q-2xw3-j869
+  url: https://nvd.nist.gov/vuln/detail/CVE-2024-35231
+  title: Denial of Service in rack-contrib via "profiler_runs" parameter
+  date: 2024-05-27
+  description: |
+    rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service
+    via the `profiler_runs` HTTP request parameter.
+
+    Versions Affected: < 2.5.0
+    Fixed Versions: >= 2.5.0
+
+    # Impact
+
+    An attacker can trigger a Denial of Service by sending an HTTP request with
+    an overly large `profiler_runs` parameter.
+
+    ```shell
+    curl  "http://127.0.0.1:9292/?profiler_runs=9999999999&profile=process_time"
+    ```
+
+    # Releases
+
+    The fixed releases are available at the normal locations.
+
+    # Workarounds
+
+    There are no feasible workarounds for this issue.
+  cvss_v3: 8.6
+  patched_versions:
+  - ">= 2.5.0"
+  related:
+    url:
+    - https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7
+    - https://github.com/advisories/GHSA-8c8q-2xw3-j869
+---