Skip to content
This repository has been archived by the owner on Jan 19, 2023. It is now read-only.

Ruby gem vulnerability CVE-2019-13117 #445

Closed
SDBrett opened this issue Nov 25, 2019 · 0 comments · Fixed by #446
Closed

Ruby gem vulnerability CVE-2019-13117 #445

SDBrett opened this issue Nov 25, 2019 · 0 comments · Fixed by #446

Comments

@SDBrett
Copy link
Contributor

SDBrett commented Nov 25, 2019

From bundle audit

Name: nokogiri
Version: 1.10.4
Advisory: CVE-2019-13117
Criticality: Unknown
URL: sparklemotion/nokogiri#1943
Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Solution: upgrade to >= 1.10.5

Vulnerabilities found!
SDBrett added a commit to SDBrett/octant that referenced this issue Nov 26, 2019
@SDBrett
Ruby gem vulnerability CVE-2019-13117
5b06970 
Fixes: vmware-archive#445
Resolved: CVE-2019-13117

Updated gemfile.lock for security vulnerability.

Updated Gemfile to specify gem versions, providing more control over versions when using `bundle update`. Including the Jekyll version in the Gemfile tells Nelify which version to build with.

Signed-off-by: Brett Johnson <[email protected]>
@SDBrett SDBrett mentioned this issue Nov 26, 2019
Merged
SDBrett added a commit to SDBrett/octant that referenced this issue Nov 27, 2019
@SDBrett
Ruby gem vulnerability CVE-2019-13117
747bd8a 
Fixes: vmware-archive#445
Resolved: CVE-2019-13117

Updated gemfile.lock for security vulnerability.

Updated Gemfile to specify gem versions, providing more control over versions when using `bundle update`. Including the Jekyll version in the Gemfile tells Nelify which version to build with.

Signed-off-by: Brett Johnson <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ruby gem vulnerability CVE-2019-13117 SDBrett/octant
1 participant
@SDBrett