Updated advisory posts against rubysec/ruby-advisory-db@3f8ac23

rubysec · Jun 3, 2024 · 5555996 · 5555996
1 parent a51fc91
commit 5555996
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/advisories/_posts/2024-05-07-CVE-2024-34341.md b/advisories/_posts/2024-05-07-CVE-2024-34341.md
@@ -13,7 +13,7 @@ advisory:
   title: Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText
   date: 2024-05-07
   description: |
-    The ActionText gem includes a copy of the Trix rich text editor.
+    From version 7.0 onwards the ActionText gem includes a copy of the Trix rich text editor.
     Prior to versions 7.0.8.3 and 7.1.3.3, ActionText included a version of Trix that
     is vulnerable to arbitrary code execution when
     copying and pasting content from the web or other documents with markup into the editor.
@@ -23,7 +23,6 @@ advisory:
     # Vulnerable Versions:
       * 7.1 series older than 7.1.3.3
       * 7.0 series older than 7.0.8.3
-      * All versions of ActionText older than 7.0
 
     # Fixed Versions:
       * 7.1.3.3
@@ -62,6 +61,8 @@ advisory:
     can significantly mitigate the risk of such vulnerabilities.
     Set CSP policies such as script-src 'self' to ensure that only scripts hosted on the same origin
     are executed, and explicitly prohibit inline scripts using script-src-elem.
+  unaffected_versions:
+  - "< 7.0.0"
   patched_versions:
   - "~> 7.0.8.3"
   - ">= 7.1.3.3"