Add 1 advisory I missed previously

jasnow · postmodern · commit ed6d02cdb053 · 2023-05-25T17:20:42.000-07:00
diff --git a/gems/commonmarker/GHSA-48wp-p9qv-4j64.yml b/gems/commonmarker/GHSA-48wp-p9qv-4j64.yml
@@ -0,0 +1,43 @@
+---
+gem: commonmarker
+ghsa: 48wp-p9qv-4j64
+url: https://github.com/gjtorikian/commonmarker/releases/tag/v0.23.9
+title: Commonmarker vulnerable to to several quadratic complexity bugs
+  that may lead to denial of service
+date: 2023-03-31
+description: |
+  ## Impact
+
+  Several quadratic complexity bugs in commonmarker's underlying
+  cmark-gfm library may lead to unbounded resource exhaustion and
+  subsequent denial of service.
+
+  The following vulnerabilities were addressed:
+  * CVE-2023-24824
+  * CVE-2023-26485
+
+  For more information, consult the release notes for versions
+  0.23.0.gfm.10 and 0.23.0.gfm.11.
+
+  ## Mitigation
+
+  Users are advised to upgrade to commonmarker version 0.23.9
+cvss_v3: 7.5
+patched_versions:
+  - ">= 0.23.9"
+related:
+  cve:
+    - 2023-24824
+    - 2023-26485
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-24824
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-26485
+    - https://github.com/gjtorikian/commonmarker/pull/236
+    - https://rubygems.org/gems/commonmarker/versions/0.23.9
+    - https://github.com/gjtorikian/commonmarker/releases/tag/v0.23.9
+    - https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-48wp-p9qv-4j64
+    - https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59
+    - https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
+    - https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
+    - https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.10
+    - https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.11
