Added CVE info to 2 gems/mapbox-rails advisories, then renamed them/2nd try

Author: jasnow

gems/mapbox-rails/CVE-2017-1000042.yml

@@ -1,7 +1,9 @@
 ---
 gem: mapbox-rails
+cve: 2017-1000042
 osvdb: 129854
-url: https://nodesecurity.io/advisories/49
+ghsa: qr28-7j6p-9hmv
+url: https://nvd.nist.gov/vuln/detail/CVE-2017-1000042
 title: mapbox-rails Content Injection via TileJSON attribute
 date: 2015-10-24
 description: |
@@ -19,6 +21,16 @@ description: |
   * only trusted TileJSON content is loaded
   * TileJSON content comes only from mapbox.com URLs
   * a Mapbox map ID is supplied, rather than a TileJSON URL
+
+  * CWE: 79 - Improper Neutralization of Input During Web Page Generation (XSS)
+cvss_v2: 4.3
+cvss_v3: 6.1
 patched_versions:
-- ~> 1.6.5
-- '>= 2.1.7'
+ - ~> 1.6.5
+ - '>= 2.1.7'
+related:
+ url:
+  - https://nvd.nist.gov/vuln/detail/CVE-2017-1000042
+  - https://nodesecurity.io/advisories/49
+  - https://hackerone.com/reports/54327
+  - https://github.com/advisories/GHSA-qr28-7j6p-9hmv

gems/mapbox-rails/CVE-2017-1000043.yml

@@ -1,7 +1,9 @@
 ---
 gem: mapbox-rails
+cve: 2017-1000043
 osvdb: 132871
-url: https://nodesecurity.io/advisories/74
+ghsa: q69p-5h74-w36f
+url: https://nvd.nist.gov/vuln/detail/CVE-2017-1000043
 title: mapbox-rails Content Injection via TileJSON Name
 date: 2016-01-12
 description: |
@@ -20,6 +22,14 @@ description: |
 
   * the map does not use a share control (L.mapbox.sharecontrol)
   * only trusted TileJSON content is loaded
+cvss_v2: 4.3
+cvss_v3: 6.1
 patched_versions:
-- ~> 1.6.6
-- '>= 2.2.4'
+ - ~> 1.6.6
+ - '>= 2.2.4'
+related:
+ url:
+  - https://nvd.nist.gov/vuln/detail/CVE-2017-1000043
+  - https://nodesecurity.io/advisories/74
+  - https://hackerone.com/reports/99245
+  - https://github.com/advisories/GHSA-q69p-5h74-w36f