[GHSA sync] added ghsa, cvss_v3, and switch to double quotes (#569)

Author: jasnow

gems/VladTheEnterprising/CVE-2014-4995.yml

@@ -2,6 +2,7 @@
 gem: VladTheEnterprising
 cve: 2014-4995
 osvdb: 108728
+ghsa: 86cf-g34f-7462
 url: https://nvd.nist.gov/vuln/detail/CVE-2014-4995
 title: VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple
   Impact
@@ -12,3 +13,4 @@ description: |
   a symlink attack against the /tmp/my.cnf.#{target_host} file they can
   overwrite arbitrary files, gain access to the MySQL root password,
   or inject arbitrary commands.
+cvss_v3: 7.0

gems/VladTheEnterprising/CVE-2014-4996.yml

@@ -2,6 +2,7 @@
 gem: VladTheEnterprising
 cve: 2014-4996
 osvdb: 108728
+ghsa: x4vj-279x-qwf2
 url: https://nvd.nist.gov/vuln/detail/CVE-2014-4996
 title: VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple
   Impact
@@ -12,3 +13,4 @@ description: |
   a symlink attack against the /tmp/my.cnf.#{target_host} file they can
   overwrite arbitrary files, gain access to the MySQL root password,
   or inject arbitrary commands.
+cvss_v3: 5.5

gems/actionpack/CVE-2014-0082.yml

@@ -3,6 +3,7 @@ gem: actionpack
 framework: rails
 cve: 2014-0082
 osvdb: 103440
+ghsa: 7cgp-c3g7-qvrw
 url: https://nvd.nist.gov/vuln/detail/CVE-2014-0082
 title: 'CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service'
 date: 2014-02-18
@@ -12,6 +13,6 @@ description: actionpack/lib/action_view/template/text.rb in Action View in Ruby
   of service (memory consumption) by including these strings in headers.
 cvss_v2: 5.0
 unaffected_versions:
-- '>= 4.0.0'
+- ">= 4.0.0"
 patched_versions:
-- '>= 3.2.17'
+- ">= 3.2.17"

gems/actionpack/CVE-2014-0130.yml

@@ -2,6 +2,7 @@
 gem: actionpack
 framework: rails
 cve: 2014-0130
+ghsa: 6x85-j5j2-27jx
 url: https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
 title: Directory Traversal Vulnerability With Certain Route Configurations
 date: 2014-05-06
@@ -15,6 +16,6 @@ description: |
   rails application server.
 cvss_v2: 4.3
 patched_versions:
-- ~> 3.2.18
-- ~> 4.0.5
-- '>= 4.1.1'
+- "~> 3.2.18"
+- "~> 4.0.5"
+- ">= 4.1.1"

gems/actionpack/CVE-2014-7818.yml

@@ -2,6 +2,7 @@
 gem: actionpack
 framework: rails
 cve: 2014-7818
+ghsa: 29gr-w57f-rpfw
 url: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
 title: Arbitrary file existence disclosure in Action Pack
 date: 2014-10-30
@@ -12,10 +13,9 @@ description: |
   exists.
 cvss_v2: 4.3
 unaffected_versions:
-- < 3.0.0
-
+- "< 3.0.0"
 patched_versions:
-- ~> 3.2.20
-- ~> 4.0.11
-- ~> 4.1.7
-- '>= 4.2.0.beta3'
+- "~> 3.2.20"
+- "~> 4.0.11"
+- "~> 4.1.7"
+- ">= 4.2.0.beta3"

gems/actionpack/CVE-2014-7829.yml

@@ -2,6 +2,7 @@
 gem: actionpack
 framework: rails
 cve: 2014-7829
+ghsa: h56m-vwxc-3qpw
 url: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
 title: Arbitrary file existence disclosure in Action Pack
 date: 2014-11-17
@@ -13,11 +14,10 @@ description: |
   specially crafted string is slightly different.
 cvss_v2: 5.0
 unaffected_versions:
-- < 3.0.0
-
+- "< 3.0.0"
 patched_versions:
-- ~> 3.2.21
-- ~> 4.0.11.1
-- ~> 4.0.12
-- ~> 4.1.7.1
-- '>= 4.1.8'
+- "~> 3.2.21"
+- "~> 4.0.11.1"
+- "~> 4.0.12"
+- "~> 4.1.7.1"
+- ">= 4.1.8"

gems/activerecord/CVE-2014-0080.yml

@@ -3,6 +3,7 @@ gem: activerecord
 framework: rails
 cve: 2014-0080
 osvdb: 103438
+ghsa: hqf9-rc9j-5fmj
 url: https://nvd.nist.gov/vuln/detail/CVE-2014-0080
 title: 'CVE-2014-0080 rubygem-activerecord: PostgreSQL array data injection vulnerability'
 date: 2014-02-18
@@ -12,8 +13,8 @@ description: SQL injection vulnerability in activerecord/lib/active_record/conne
   involving \ (backslash) characters that are not properly handled in operations on
   array columns.
 unaffected_versions:
-- < 3.2.0
-- ~> 3.2.0
+- "< 3.2.0"
+- "~> 3.2.0"
 patched_versions:
-- ~> 4.0.3
-- '>= 4.1.0.beta2'
+- "~> 4.0.3"
+- ">= 4.1.0.beta2"

gems/activerecord/CVE-2014-3482.yml

@@ -3,9 +3,10 @@ gem: activerecord
 framework: rails
 cve: 2014-3482
 osvdb: 108664
+ghsa: mhwp-qhpc-h3jm
 url: https://nvd.nist.gov/vuln/detail/CVE-2014-3482
-title: "CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring'\
-  \ quoting"
+title: 'CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in ''bitstring''
+  quoting'
 date: 2014-07-02
 description: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
   in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before
@@ -15,6 +16,6 @@ description: SQL injection vulnerability in activerecord/lib/active_record/conne
   attacker could possibly use this flaw to conduct an SQL injection attack against
   applications using Active Record.
 unaffected_versions:
-- '>= 4.0.0'
+- ">= 4.0.0"
 patched_versions:
-- ~> 3.2.19
+- "~> 3.2.19"

gems/activerecord/CVE-2014-3483.yml

@@ -3,19 +3,20 @@ gem: activerecord
 framework: rails
 cve: 2014-3483
 osvdb: 108665
+ghsa: r8fh-hq2p-7qhq
 url: https://nvd.nist.gov/vuln/detail/CVE-2014-3483
-title: "CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range'\
-  \ quoting"
+title: 'CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in ''range'' quoting'
 date: 2014-07-02
-description: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
+description: |
+  SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
   in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and
   4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by
   leveraging improper range quoting. It was discovered that Active Record did not
   properly quote values of the range type attributes when using the PostgreSQL database
   adapter. A remote attacker could possibly use this flaw to conduct an SQL injection
   attack against applications using Active Record.
 unaffected_versions:
-- < 4.0.0
+- "< 4.0.0"
 patched_versions:
-- ~> 4.0.7
-- '>= 4.1.3'
+- "~> 4.0.7"
+- ">= 4.1.3"

gems/activerecord/CVE-2014-3514.yml

@@ -2,19 +2,17 @@
 gem: activerecord
 framework: rails
 cve: 2014-3514
+ghsa: 9rf5-jm6f-2fmm
 url: https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
 title: Data Injection Vulnerability in Active Record
 date: 2014-08-18
-description: >-
-  The create_with functionality in Active Record was implemented
-  incorrectly and completely bypasses the strong parameters
-  protection. Applications which pass user-controlled values to
-  create_with could allow attackers to set arbitrary attributes on
-  models.
+description: The create_with functionality in Active Record was implemented incorrectly
+  and completely bypasses the strong parameters protection. Applications which pass
+  user-controlled values to create_with could allow attackers to set arbitrary attributes
+  on models.
 cvss_v2: 8.7
 unaffected_versions:
-- < 4.0.0
-
+- "< 4.0.0"
 patched_versions:
-- ~> 4.0.9
-- '>= 4.1.5'
+- "~> 4.0.9"
+- ">= 4.1.5"