Sync with GitHub Security Advisories

reedloden · reedloden · commit 0ced7e83b186 · 2022-11-23T17:46:21.000-08:00
* Add CVE-2022-4064 for dalli
diff --git a/gems/dalli/CVE-2022-4064.yml b/gems/dalli/CVE-2022-4064.yml
@@ -0,0 +1,19 @@
+---
+gem: dalli
+cve: 2022-4064
+ghsa: 3xg8-cc8f-9wv2
+url: https://github.com/petergoldstein/dalli/issues/932
+title: Unsanitized input leading to code injection in Dalli
+date: 2022-11-19
+description: |
+  A vulnerability was found in Dalli. Affected is the function self.meta_set
+  of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol
+  Handler. The manipulation leads to injection. The exploit has been disclosed to
+  the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d.
+  It is recommended to apply a patch to fix this issue.
+patched_versions:
+- ">= 3.2.3"
+related:
+  url:
+  - https://github.com/petergoldstein/dalli/pull/933
+  - https://github.com/petergoldstein/dalli/commit/48d594dae55934476fec61789e7a7c3700e0f50d
