Added 1 more gem file - added CVE info, then renamed them

jasnow · postmodern · commit d930dc053589 · 2023-03-26T08:07:00.000-07:00
diff --git a/gems/uglifier/CVE-2015-8857.yml b/gems/uglifier/CVE-2015-8857.yml
@@ -1,6 +1,8 @@
 ---
 gem: uglifier
+cve: 2015-8857
 osvdb: 126747
+ghsa: 34r7-q49f-h37c
 url: https://github.com/mishoo/UglifyJS2/issues/751
 title: uglifier incorrectly handles non-boolean comparisons during minification
 date: 2015-07-21
@@ -14,6 +16,18 @@ description: |2
   to allow potentially malicious code to be hidden within secure code,
   and activated by the minification process.
 
-  For more information, consult: https://zyan.scripts.mit.edu/blog/backdooring-js/
+  For more information, consult:
+  * https://zyan.scripts.mit.edu/blog/backdooring-js
+
+  * CWE: 254 - 7PK - Security Features
+cvss_v2: 7.5
+cvss_v3: 9.8
 patched_versions:
-- '>= 2.7.2'
+ - '>= 2.7.2'
+related:
+ url:
+  - https://nvd.nist.gov/vuln/detail/CVE-2015-8857
+  - https://github.com/mishoo/UglifyJS/issues/751
+  - https://blog.azuki.vip/backdooring-js
+  - https://www.openwall.com/lists/oss-security/2016/04/20/11
+  - https://github.com/advisories/GHSA-34r7-q49f-h37c
