Ruby gem vulnerability CVE-2019-13117 #2092

Closed
SDBrett opened this issue Dec 2, 2019 · 0 comments · Fixed by #2093
Labels
Bug Security Security related issues

SDBrett commented Dec 2, 2019

From bundle audit

Name: nokogiri
Version: 1.10.4
Advisory: CVE-2019-13117
Criticality: Unknown
URL: sparklemotion/nokogiri#1943
Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Solution: upgrade to >= 1.10.5

Vulnerabilities found!

Self assign.

SDBrett added a commit to SDBrett/velero that referenced this issue Dec 2, 2019
Fixes: vmware-tanzu#2092
Resolves: CVE-2019-13117

Updated gemfile.lock for security vulnerability.

Updated Gemfile to specify gem versions, providing more control over versions when using bundle update. Including the Jekyll version in the Gemfile tells Netlify which version to build with.

Signed-off-by: Brett Johnson <brett@sdbrett.com>
SDBrett added a commit to SDBrett/velero that referenced this issue Dec 3, 2019
Fixes: vmware-tanzu#2092
Resolves: CVE-2019-13117

Updated gemfile.lock for security vulnerability.

Updated Gemfile to specify gem versions, providing more control over versions when using bundle update. Including the Jekyll version in the Gemfile tells Netlify which version to build with.

Signed-off-by: Brett Johnson <brett@sdbrett.com>
skriss added the Bug and Security (Security related issues) labels Dec 3, 2019
skriss pushed a commit that referenced this issue Dec 4, 2019
Fixes: #2092
Resolves: CVE-2019-13117

Updated gemfile.lock for security vulnerability.

Updated Gemfile to specify gem versions, providing more control over versions when using bundle update. Including the Jekyll version in the Gemfile tells Netlify which version to build with.

Signed-off-by: Brett Johnson <brett@sdbrett.com>
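
A check that a lockfile update actually clears the advisory reported in this issue, as an added example that is not part of the issue or the project's code: it parses the bundle audit report and a Gemfile.lock and returns the advisories whose "Solution" constraint is still unmet. The lockfile excerpts are constructed, the helper names are hypothetical, and treating comma-separated constraints as alternatives is an assumption.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# bundle audit report as quoted in the issue above.
AUDIT_REPORT = <<~TXT
  Name: nokogiri
  Version: 1.10.4
  Advisory: CVE-2019-13117
  Criticality: Unknown
  URL: sparklemotion/nokogiri#1943
  Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
  Solution: upgrade to >= 1.10.5

  Vulnerabilities found!
TXT

# Constructed Gemfile.lock excerpts (not the project's real lockfile).
LOCK_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.4)
        mini_portile2 (~> 2.4.0)
LOCK
LOCK_AFTER = LOCK_BEFORE.sub("nokogiri (1.10.4)", "nokogiri (1.10.5)")

# Split the report into one hash per advisory, keyed by the field labels.
def parse_audit(report)
  report.split(/\n\s*\n/).map { |block| block.scan(/^(\w+): (.*)$/).to_h }
        .select { |fields| fields.key?("Name") && fields.key?("Advisory") }
end

# Resolved versions: spec lines are indented four spaces, dependency lines
# six, so only "    name (x.y.z)" matches; a platform suffix is ignored.
def locked_versions(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([0-9][0-9A-Za-z.]*)(?:-[^)]*)?\)$/)
          .to_h { |name, version| [name, Gem::Version.new(version)] }
end

# Advisories whose "Solution:" constraint the lockfile does not yet satisfy.
# Assumption: comma-separated constraints are alternatives (any one suffices).
def unresolved(report, lockfile)
  locked = locked_versions(lockfile)
  parse_audit(report).select do |adv|
    version = locked[adv["Name"]]
    constraints = adv["Solution"].to_s.sub(/\Aupgrade to /, "").delete("'").split(/,\s*/)
    version && constraints.none? { |c| Gem::Requirement.new(c).satisfied_by?(version) }
  end
end
```

Run against a real checkout by passing the saved bundle audit output and `File.read("Gemfile.lock")`; an empty result means every reported gem is at or above its patched version.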