- All text must be within 80 columns.
- YAML must be indented by 2 spaces.
- Have any questions? Feel free to open an issue.
- Prior to submitting a pull request, run the tests:
bundle install
bundle exec rspec
- Follow the schema. Here is a sample advisory:
---
gem: activerecord
framework: rails
cve: 2014-3514
url: https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
title: Data Injection Vulnerability in Active Record
date: 2014-08-18
description: >-
The create_with functionality in Active Record was implemented
incorrectly and completely bypasses the strong parameters
protection. Applications which pass user-controlled values to
create_with could allow attackers to set arbitrary attributes on
models.
cvss_v2: 8.7
unaffected_versions:
- "< 4.0.0"
patched_versions:
- ~> 4.0.9
- ">= 4.1.5"
gem [String]: Name of the affected gem.framework [String] (optional): Name of framework gem belongs to.platform [String] (optional): If this vulnerability is platform-specific, name of platform this vulnerability affects (e.g. JRuby)cve [String]: CVE id.osvdb [Fixnum]: OSVDB id.url [String]: The URL to the full advisory.title [String]: The title of the advisory.date [Date]: Disclosure date of the advisory.description [String]: Multi-paragraph description of the vulnerability.cvss_v2 [Float]: The [CVSSv2] score for the vulnerability.unaffected_versions [Array<String>] (optional): The version requirements for the
unaffected versions of the Ruby library.patched_versions [Array<String>]: The version requirements for the
patched versions of the Ruby library.