6 enhanced advisories; 1 brand new advisory

jasnow · postmodern · commit 3e2cd72acc94 · 2025-02-13T12:33:52.000-08:00
diff --git a/gems/actionpack/CVE-2024-54133.yml b/gems/actionpack/CVE-2024-54133.yml
@@ -41,5 +41,6 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2024-54133
+    - https://hackerone.com/reports/2905532
     - https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
     - https://github.com/advisories/GHSA-vfm5-rmrh-j26v
diff --git a/gems/net-imap/CVE-2025-25186.yml b/gems/net-imap/CVE-2025-25186.yml
@@ -150,6 +150,7 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2025-25186
+    - https://www.ruby-lang.org/en/news/2025/02/10/dos-net-imap-cve-2025-25186
     - https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69
     - https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35
     - https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3
diff --git a/gems/rack/CVE-2025-25184.yml b/gems/rack/CVE-2025-25184.yml
@@ -0,0 +1,48 @@
+---
+gem: rack
+cve: 2025-25184
+ghsa: 7g2v-jj9q-g3rg
+url: https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
+title: Possible Log Injection in Rack::CommonLogger
+date: 2025-02-12
+description: |
+  ## Summary
+
+  `Rack::CommonLogger` can be exploited by crafting input that includes
+  newline characters to manipulate log entries. The supplied
+  proof-of-concept demonstrates injecting malicious content into logs.
+
+  ## Details
+
+  When a user provides the authorization credentials via
+  `Rack::Auth::Basic`, if success, the username will be put in
+  `env['REMOTE_USER']` and later be used by `Rack::CommonLogger`
+  for logging purposes.
+
+  The issue occurs when a server intentionally or unintentionally
+  allows a user creation with the username contain CRLF and white
+  space characters, or the server just want to log every login
+  attempts. If an attacker enters a username with CRLF character,
+  the logger will log the malicious username with CRLF characters
+  into the logfile.
+
+  ## Impact
+
+  Attackers can break log formats or insert fraudulent entries,
+  potentially obscuring real activity or injecting malicious data
+  into log files.
+
+  ## Mitigation
+
+  - Update to the latest version of Rack.
+cvss_v4: 5.7
+patched_versions:
+  - "~> 2.2.11"
+  - "~> 3.0.12"
+  - ">= 3.1.10"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-25184
+    - https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
+    - https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
+    - https://github.com/advisories/GHSA-7g2v-jj9q-g3rg
diff --git a/gems/rails-html-sanitizer/CVE-2024-53986.yml b/gems/rails-html-sanitizer/CVE-2024-53986.yml
@@ -110,6 +110,7 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2024-53986
+    - https://hackerone.com/reports/2931636
     - https://github.com/rails/rails-html-sanitizer/blob/v1.6.1/CHANGELOG.md
     - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48
     - https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e
diff --git a/gems/rails-html-sanitizer/CVE-2024-53987.yml b/gems/rails-html-sanitizer/CVE-2024-53987.yml
@@ -109,6 +109,8 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2024-53987
+    - https://hackerone.com/reports/2931639
+    - https://hackerone.com/reports/2931688
     - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr
     - https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e
     - https://github.com/advisories/GHSA-2x5m-9ch4-qgrr
diff --git a/gems/rails-html-sanitizer/CVE-2024-53988.yml b/gems/rails-html-sanitizer/CVE-2024-53988.yml
@@ -119,6 +119,7 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2024-53988
+    - https://hackerone.com/reports/2931710
     - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5
     - https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72
     - https://github.com/advisories/GHSA-cfjx-w229-hgx5
diff --git a/gems/rails-html-sanitizer/CVE-2024-53989.yml b/gems/rails-html-sanitizer/CVE-2024-53989.yml
@@ -109,6 +109,7 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2024-53989
+    - https://hackerone.com/reports/2931691
     - https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g
     - https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f
     - https://github.com/advisories/GHSA-rxv5-gxqc-xx8g
