Updated advisory posts against rubysec/ruby-advisory-db@012e244

rubysec · Dec 15, 2023 · 0362a08 · 0362a08
1 parent 446155f
commit 0362a08
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 0 deletions.
diff --git a/advisories/_posts/2009-12-07-CVE-2009-4123.md b/advisories/_posts/2009-12-07-CVE-2009-4123.md
@@ -21,6 +21,7 @@ advisory:
     that a secure connection to a rogue SSL server is legitimate. Attackers could
     also penetrate client-validated SSL server applications with a dummy
     certificate.
+  cvss_v3: 7.5
   patched_versions:
   - ">= 0.6"
 ---
diff --git a/advisories/_posts/2013-03-04-CVE-2013-2513.md b/advisories/_posts/2013-03-04-CVE-2013-2513.md
@@ -17,4 +17,5 @@ advisory:
     flash_tool Gem for Ruby contains a flaw that is triggered during the
     handling of downloaded files that contain shell characters. With a specially crafted
     file, a context-dependent attacker can execute arbitrary commands.
+  cvss_v3: 9.8
 ---
diff --git a/advisories/_posts/2015-02-17-CVE-2015-2179.md b/advisories/_posts/2015-02-17-CVE-2015-2179.md
@@ -19,4 +19,5 @@ advisory:
     in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is
     due to the function exposing sensitive information via the process table.
     This may allow a local attack to gain access to MySQL credential information.
+  cvss_v3: 5.5
 ---
diff --git a/advisories/_posts/2016-01-18-CVE-2015-8314.md b/advisories/_posts/2016-01-18-CVE-2015-8314.md
@@ -18,6 +18,7 @@ advisory:
     attacker manages to steal a remember me cookie and the user does not change
     the password frequently, the cookie can be used to gain access to the
     application indefinitely.
+  cvss_v3: 7.5
   patched_versions:
   - ">= 3.5.4"
 ---