Add a bunch of old submissions that never were added

Author: reedloden

gems/geminabox/CVE-2017-16792.yml

@@ -0,0 +1,21 @@
+---
+gem: geminabox
+cve: 2017-16792
+date: 2017-11-10
+url: https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md#01310-2017-11-13
+title: Stored XSS in "geminabox" via injection in Gemspec "homepage" value
+description: |
+  Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem
+  in a Box) allows attackers to inject arbitrary web script via a crafted
+  JavaScript URL in the "homepage" value of a ".gemspec" file.
+
+  A ".gemspec" file must be created with a JavaScript URL in the homepage
+  value. This can be used to build a gem for upload to the Geminabox server,
+  in order to achieve stored XSS via the gem hyperlink.
+
+patched_versions:
+  - ">= 0.13.10"
+related:
+  url:
+    - https://github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e7
+    - https://github.com/geminabox/geminabox/commit/e7e0b16147677e9029f0b55eff6bc6dda52398d4

gems/gemirro/CVE-2017-16833.yml

@@ -0,0 +1,22 @@
+---
+gem: gemirro
+cve: 2017-16833
+date: 2017-07-11
+url: https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce15a723da8e361bd41b9203b19c97de
+title: Stored XSS in "gemirro" via injection in Gemspec "homepage" value
+description: |
+  Stored cross-site scripting (XSS) vulnerability in Gemirro allows
+  attackers to inject arbitrary web script via a crafted JavaScript URL
+  in the "homepage" value of a ".gemspec" file.
+
+  A ".gemspec" file must be created with a JavaScript URL in the homepage
+  value. This can be used to build a gem for upload to the Gemirro server,
+  in order to achieve stored XSS via the author name hyperlink.
+
+patched_versions:
+- ">= 0.15.0"
+related:
+  url:
+    - https://github.com/PierreRambaud/gemirro/commit/8acfb9ce9774128d535e2795d583242bb86d6ea8
+    - https://github.com/PierreRambaud/gemirro/commit/8fa709b121b7e18fceda308917d0fb68dc1479c3
+    - https://rubygems.org/gems/gemirro/versions/0.15.0

gems/json-jwt/CVE-2018-3768.yml

@@ -0,0 +1,21 @@
+---
+gem: json-jwt
+cve: 2018-3768
+date: 2018-04-30
+url: https://github.com/nov/json-jwt/pull/62
+title: Auth tag forgery vulnerability with AES-GCM encrypted JWT
+description: |
+  Ruby's OpenSSL bindings do not check the length of the supplied
+  authentication tag when decrypting an authenticated encryption mode
+  such as AES-GCM, leaving this up to the authors of a gem/app to
+  implement for properly validating the message.
+
+  json-jwt was not checking for the authentication tag length, meaning
+  that with a one byte tag the JWT would be considered not tampered
+  with. This means that with an average of 128 (max 256) attempts an
+  attacker can forge a valid signature.
+
+unaffected_versions:
+  - "< 0.5.1"
+patched_versions:
+  - ">= 1.9.4"

gems/net-ldap/CVE-2017-17718.yml

@@ -0,0 +1,17 @@
+---
+gem: net-ldap
+cve: 2017-17718
+date: 2017-12-17
+url: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
+title: No validation of hostname certificate in net-ldap
+description: |
+  The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL
+  Certificate Validation. The LDAP server's certificate was not verified
+  to match the host it was supposed to be connecting to.
+
+patched_versions:
+  - ">= 0.16.0"
+related:
+  url:
+    - https://github.com/ruby-ldap/ruby-net-ldap/pull/279
+    - https://github.com/ruby-ldap/ruby-net-ldap/commit/e4c46a223a19feda78393a793711353aa1febdcd

gems/nokogiri/CVE-2018-8048.yml

@@ -0,0 +1,36 @@
+---
+gem: nokogiri
+cve: 2018-8048
+date: 2018-03-29
+url: https://github.com/sparklemotion/nokogiri/pull/1746
+title: Revert libxml2 behavior in Nokogiri gem that could cause XSS
+description: |
+  [MRI] Behavior in libxml2 has been reverted which caused
+  CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and
+  CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is
+  here:
+
+  https://github.com/GNOME/libxml2/commit/960f0e2
+
+  and more information is available about this commit and its impact
+  here:
+
+  https://github.com/flavorjones/loofah/issues/144
+
+  This release simply reverts the libxml2 commit in question to protect
+  users of Nokogiri's vendored libraries from similar vulnerabilities.
+
+  If you're offended by what happened here, I'd kindly ask that you
+  comment on the upstream bug report here:
+
+  https://bugzilla.gnome.org/show_bug.cgi?id=769760
+
+patched_versions:
+  - ">= 1.8.3"
+related:
+  cve:
+    - 2018-3740
+    - 2018-3741
+  url:
+    - https://github.com/GNOME/libxml2/commit/960f0e2
+    - https://bugzilla.gnome.org/show_bug.cgi?id=769760

gems/rack-cors/CVE-2017-11173.yml

@@ -0,0 +1,21 @@
+---
+gem: rack-cors
+cve: 2017-11173
+date: 2015-07-13
+url: https://github.com/cyu/rack-cors/issues/86
+title: rack-cors Gem Missing Anchor permits unauthorized CORS requests
+description: |
+  Missing anchor in generated regex for rack-cors before 0.4.1
+  allows a malicious third-party site to perform CORS requests.
+  If the configuration were intended to allow only the trusted
+  example.com domain name and not the malicious example.net domain name,
+  then example.com.example.net (as well as example.com-example.net) would
+  be inadvertently allowed.
+
+cvss_v2: 6.8
+patched_versions:
+  - ">= 0.4.1"
+related:
+  url:
+    - https://github.com/cyu/rack-cors/issues/86
+    - http://seclists.org/fulldisclosure/2017/Jul/22

gems/rails_admin/CVE-2016-10522.yml

@@ -0,0 +1,21 @@
+---
+gem: rails_admin
+cve: 2016-10522
+date: 2016-12-21
+url: https://www.sourceclear.com/blog/Rails_admin-Vulnerability-Disclosure/
+title: CSRF vulnerability in rails_admin
+description: |
+  The rails_admin gem is vulnerable to cross-site request forgery (CSRF) attacks.
+  Due to a bug, non-GET methods were not validating CSRF tokens and, as a result,
+  an attacker could hypothetically gain access to the application administrative
+  endpoints exposed by the gem.
+
+cvss_v2: 5.5
+unaffected_versions:
+- "< 1.0.0"
+patched_versions:
+- ">= 1.1.1"
+related:
+  url:
+    - https://www.sourceclear.com/registry/security/cross-site-request-forgery-csrf-/ruby/sid-3173
+    - https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a

gems/ruby-grape/CVE-2018-3769.yml

@@ -0,0 +1,20 @@
+---
+gem: ruby-grape
+cve: 2018-3769
+date: 2018-05-23
+url: https://github.com/ruby-grape/grape/issues/1762
+title: ruby-grape Gem has XSS via "format" parameter
+description: |
+  When request on API contains the "format" parameter in GET, the input
+  value of this parameter is rendered as the web-server responds with
+  text/html header.
+
+  Example:
+  http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E
+
+patched_versions:
+  - ">= 1.0.3"
+related:
+  url:
+    - https://github.com/ruby-grape/grape/pull/1763
+    - https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af

gems/thor/CVE-2016-10545.yml

@@ -0,0 +1,14 @@
+---
+gem: thor
+cve: 2016-10545
+date: 2016-01-08
+url: https://github.com/erikhuda/thor/issues/514
+title: Command injection in Thor Gem
+description: |
+  `open-uri`'s open used in Thor::Actions#get allows executing system
+  commands. Documentation does not warn that source parameter is
+  vulnerable to malicious input.
+
+related:
+  url:
+    - https://sakurity.com/blog/2015/02/28/openuri.html

libraries/rubygems/CVE-2017-0903.yml

@@ -0,0 +1,16 @@
+---
+library: rubygems
+cve: 2017-0903
+url: https://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
+title: Unsafe Object Deserialization Vulnerability in RubyGems
+date: 2017-10-09
+description: |
+  There is a possible unsafe object deserialization vulnerability in RubyGems.
+  It is possible for YAML deserialization of gem specifications to bypass class
+  white lists. Specially crafted serialized objects can possibly be used to
+  escalate to remote code execution.
+cvss_v2: 7.5
+unaffected_versions:
+  - "< 2.0.0"
+patched_versions:
+  - ">= 2.6.14"