From d7f20f10e6eb0e600d135cdf3dfa2985eb748baf Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Thu, 13 Feb 2025 08:01:09 -0500
Subject: [PATCH] 6 enhanced advisories; 1 brand new advisory
---
gems/actionpack/CVE-2024-54133.yml | 1 +
gems/net-imap/CVE-2025-25186.yml | 1 +
gems/rack/CVE-2025-25184.yml | 48 ++++++++++++++++++++
gems/rails-html-sanitizer/CVE-2024-53986.yml | 1 +
gems/rails-html-sanitizer/CVE-2024-53987.yml | 2 +
gems/rails-html-sanitizer/CVE-2024-53988.yml | 1 +
gems/rails-html-sanitizer/CVE-2024-53989.yml | 1 +
7 files changed, 55 insertions(+)
create mode 100644 gems/rack/CVE-2025-25184.yml
diff --git a/gems/actionpack/CVE-2024-54133.yml b/gems/actionpack/CVE-2024-54133.yml
index ae099e10b7..86e6c22eac 100644
--- a/gems/actionpack/CVE-2024-54133.yml
+++ b/gems/actionpack/CVE-2024-54133.yml
@@ -41,5 +41,6 @@ patched_versions:
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2024-54133
+ - https://hackerone.com/reports/2905532
 - https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
 - https://github.com/advisories/GHSA-vfm5-rmrh-j26v
diff --git a/gems/net-imap/CVE-2025-25186.yml b/gems/net-imap/CVE-2025-25186.yml
index edc669522c..900c3587ac 100644
--- a/gems/net-imap/CVE-2025-25186.yml
+++ b/gems/net-imap/CVE-2025-25186.yml
@@ -150,6 +150,7 @@ patched_versions:
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2025-25186
+ - https://www.ruby-lang.org/en/news/2025/02/10/dos-net-imap-cve-2025-25186
 - https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69
 - https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35
 - https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3
diff --git a/gems/rack/CVE-2025-25184.yml b/gems/rack/CVE-2025-25184.yml
new file mode 100644
index 0000000000..88d8728eed
--- /dev/null
+++ b/gems/rack/CVE-2025-25184.yml
@@ -0,0 +1,48 @@
+---
+gem: rack
+cve: 2025-25184
+ghsa: 7g2v-jj9q-g3rg
+url: https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
+title: Possible Log Injection in Rack::CommonLogger
+date: 2025-02-12
+description: |
+ ## Summary
+
+ `Rack::CommonLogger` can be exploited by crafting input that includes
+ newline characters to manipulate log entries. The supplied
+ proof-of-concept demonstrates injecting malicious content into logs.
+
+ ## Details
+
+ When a user provides the authorization credentials via
+ `Rack::Auth::Basic`, if success, the username will be put in
+ `env['REMOTE_USER']` and later be used by `Rack::CommonLogger`
+ for logging purposes.
+
+ The issue occurs when a server intentionally or unintentionally
+ allows a user creation with the username contain CRLF and white
+ space characters, or the server just want to log every login
+ attempts. If an attacker enters a username with CRLF character,
+ the logger will log the malicious username with CRLF characters
+ into the logfile.
+
+ ## Impact
+
+ Attackers can break log formats or insert fraudulent entries,
+ potentially obscuring real activity or injecting malicious data
+ into log files.
+
+ ## Mitigation
+
+ - Update to the latest version of Rack.
+cvss_v4: 5.7
+patched_versions:
+ - "~> 2.2.11"
+ - "~> 3.0.12"
+ - ">= 3.1.10"
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-25184
+ - https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
+ - https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
+ - https://github.com/advisories/GHSA-7g2v-jj9q-g3rg
diff --git a/gems/rails-html-sanitizer/CVE-2024-53986.yml b/gems/rails-html-sanitizer/CVE-2024-53986.yml
index c89e36972e..0d31354c29 100644
--- a/gems/rails-html-sanitizer/CVE-2024-53986.yml
+++ b/gems/rails-html-sanitizer/CVE-2024-53986.yml
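Review bot: The `## Mitigation` section of the new gems/rack/CVE-2025-25184.yml lists only the upgrade, so a deployment that cannot yet move to 2.2.11, 3.0.12 or 3.1.10 gets no interim guidance, even though the Details paragraph already names the precondition (a username containing CR/LF reaching `env['REMOTE_USER']`). Consider one extra bullet such as `- Until upgraded, reject CR and LF characters in usernames at account creation and login.`, and a sentence telling responders to treat `Rack::CommonLogger` output written by unpatched versions as untrusted when reconstructing activity. The Summary also refers to a "supplied proof-of-concept" that is not part of this record, so that sentence dangles for a reader of the YAML alone. Separately, the file carries only `cvss_v4: 5.7`; consumers that derive severity from `cvss_v3` will presumably report none, so add `cvss_v3` if upstream publishes a vector.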
@@ -110,6 +110,7 @@ patched_versions:
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2024-53986
+ - https://hackerone.com/reports/2931636
 - https://github.com/rails/rails-html-sanitizer/blob/v1.6.1/CHANGELOG.md
 - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48
 - https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e
diff --git a/gems/rails-html-sanitizer/CVE-2024-53987.yml b/gems/rails-html-sanitizer/CVE-2024-53987.yml
index 76ab2611e4..a5596fbaad 100644
--- a/gems/rails-html-sanitizer/CVE-2024-53987.yml
+++ b/gems/rails-html-sanitizer/CVE-2024-53987.yml
@@ -109,6 +109,8 @@ patched_versions:
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2024-53987
+ - https://hackerone.com/reports/2931639
+ - https://hackerone.com/reports/2931688
 - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr
 - https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e
 - https://github.com/advisories/GHSA-2x5m-9ch4-qgrr
diff --git a/gems/rails-html-sanitizer/CVE-2024-53988.yml b/gems/rails-html-sanitizer/CVE-2024-53988.yml
index 3c7bc09fa7..3f155ae580 100644
--- a/gems/rails-html-sanitizer/CVE-2024-53988.yml
+++ b/gems/rails-html-sanitizer/CVE-2024-53988.yml
@@ -119,6 +119,7 @@ patched_versions:
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2024-53988
+ - https://hackerone.com/reports/2931710
 - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5
 - https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72
 - https://github.com/advisories/GHSA-cfjx-w229-hgx5
diff --git a/gems/rails-html-sanitizer/CVE-2024-53989.yml b/gems/rails-html-sanitizer/CVE-2024-53989.yml
index e7731621cb..f73816b885 100644
--- a/gems/rails-html-sanitizer/CVE-2024-53989.yml
+++ b/gems/rails-html-sanitizer/CVE-2024-53989.yml
@@ -109,6 +109,7 @@ patched_versions:
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2024-53989
+ - https://hackerone.com/reports/2931691
 - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g
 - https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f
 - https://github.com/advisories/GHSA-rxv5-gxqc-xx8g