Updated advisory posts against rubysec/ruby-advisory-db@973ee93

postmodern · RubySec CI · commit 6ed4c0410dc5 · 2024-03-02T21:38:57.000Z
diff --git a/advisories/_posts/2024-02-21-CVE-2024-26142.md b/advisories/_posts/2024-02-21-CVE-2024-26142.md
@@ -10,6 +10,7 @@ advisory:
   gem: actionpack
   framework: rails
   cve: 2024-26142
+  ghsa: jjhx-jhvp-74wq
   url: https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
   title: Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
   date: 2024-02-21
diff --git a/advisories/_posts/2024-02-21-CVE-2024-26143.md b/advisories/_posts/2024-02-21-CVE-2024-26143.md
@@ -9,6 +9,7 @@ advisory:
   gem: actionpack
   framework: rails
   cve: 2024-26143
+  ghsa: 9822-6m93-xqf4
   url: https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
   title: Possible XSS Vulnerability in Action Controller
   date: 2024-02-21
@@ -57,6 +58,7 @@ advisory:
     # Workarounds
 
     There are no feasible workarounds for this issue.
+  cvss_v3: 6.1
   unaffected_versions:
   - "< 7.0.0"
   patched_versions:
diff --git a/advisories/_posts/2024-02-21-CVE-2024-26144.md b/advisories/_posts/2024-02-21-CVE-2024-26144.md
@@ -10,6 +10,7 @@ advisory:
   gem: activestorage
   framework: rails
   cve: 2024-26144
+  ghsa: 8h22-8cf7-hq6g
   url: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
   title: Possible Sensitive Session Information Leak in Active Storage
   date: 2024-02-21
@@ -43,6 +44,7 @@ advisory:
 
     Upgrade to Rails 7.1.X, or configure caching proxies not to cache the
     `Set-Cookie` headers.
+  cvss_v3: 5.3
   unaffected_versions:
   - "< 5.2.0"
   - ">= 7.1.0"
diff --git a/advisories/_posts/2024-02-29-CVE-2023-51774.md b/advisories/_posts/2024-02-29-CVE-2023-51774.md
@@ -0,0 +1,26 @@
+---
+layout: advisory
+title: 'CVE-2023-51774 (json-jwt): json-jwt allows bypass of identity checks via a
+  sign/encryption confusion attack'
+comments: false
+categories:
+- json-jwt
+advisory:
+  gem: json-jwt
+  cve: 2023-51774
+  ghsa: c8v6-786g-vjx6
+  url: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
+  title: json-jwt allows bypass of identity checks via a sign/encryption confusion
+    attack
+  date: 2024-02-29
+  description: |
+    The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows
+    bypass of identity checks via a sign/encryption confusion attack.
+    For example, JWE can sometimes be used to bypass JSON::JWT.decode.
+  notes: Not patched yet
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-51774
+    - https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
+    - https://github.com/advisories/GHSA-c8v6-786g-vjx6
+---
