Added gems/discordrb/CVE-2023-28102.yml advisory (#642)

jasnow · web-flow · commit e3c8e1c2a19d · 2023-06-21T10:34:40.000-07:00
* Note: a patched version has not yet been released.
diff --git a/gems/discordrb/CVE-2023-28102.yml b/gems/discordrb/CVE-2023-28102.yml
@@ -0,0 +1,17 @@
+---
+gem: discordrb
+cve: 2023-28102
+url: https://securitylab.github.com/advisories/GHSL-2022-094_discordrb
+title: "GHSL-2022-094: Remote Code Execution in discordrb"
+date: 2023-03-27
+description: |
+  The encode_file method may lead to remote code execution (RCE) if
+  invoked with untrusted user-controlled data.
+cvss_v3: 9.6
+notes: "Not patched yet"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-28102
+    - https://securitylab.github.com/advisories/GHSL-2022-094_discordrb
+    - https://github.com/shardlab/discordrb/releases/tag/v3.4.1
+    - https://rubygems.org/gems/discordrb
