From eebb27b1a552b375f8bd4ed478946a1647362051 Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Thu, 14 Aug 2025 19:29:39 -0400
Subject: [PATCH 1/2] Updated CVE-2014-10075 advisory to current standards; Removed/replaced dead links

---
 gems/karo/CVE-2014-10075.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/gems/karo/CVE-2014-10075.yml b/gems/karo/CVE-2014-10075.yml
index b6fe46ace6..5e5bf6af27 100644
--- a/gems/karo/CVE-2014-10075.yml
+++ b/gems/karo/CVE-2014-10075.yml
@@ -1,12 +1,9 @@
 ---
 gem: karo
-library: rubygems
-framework: rubygems
-platform: rubygems
 cve: 2014-10075
 osvdb: 108573
 ghsa: qfwq-chf4-jvwg
-url: https://nvd.nist.gov/vuln/detail/CVE-2014-10075
+url: https://github.com/advisories/GHSA-qfwq-chf4-jvwg
 title: karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution
 date: 2014-06-30
 description: |
@@ -21,13 +18,16 @@ description: |
   in a Command ('Command Injection')
   * Severity: CRITICAL - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+cvss_v2: 7.5
 cvss_v3: 9.8
+notes: "Never patched"
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-10075
-    - http://www.vapid.dhs.org/advisories/karo-2.3.8.html
-    - http://www.vapidlabs.com/advisory.php?v=63
-    - http://osvdb.org/show/osvdb/108573
-    - https://github.com/advisories/GHSA-qf67-vmxx-gp4jGHSA-qfwq-chf4-jvwg.json
     - https://github.com/rahult/karo
     - https://github.com/rahult/karo/blob/master/CHANGELOG.md
+    - https://web.archive.org/web/20250421021935/http://www.vapid.dhs.org/advisories/karo-2.3.8.html
+    - http://www.vapidlabs.com/advisory.php?v=63
+    - https://www.openwall.com/lists/oss-security/2014/07/07/22
+    - https://rubysec.com/advisories/OSVDB-108573
+    - https://github.com/advisories/GHSA-qfwq-chf4-jvwg

From c842f0199e63ae1a58a27f587f04e4662e6d0951 Mon Sep 17 00:00:00 2001
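Review bot: The new `notes: "Never patched"` line in the second hunk records the no-fix status only as prose; advisory consumers act on the version-range fields (`patched_versions`/`unaffected_versions`), and the hunk does not show whether the file declares them, since the file may continue past the last line shown. Either confirm the file carries no patched range so every version is reported as affected, or, if the schema accepts it, state that intent explicitly next to the note so a later edit does not add a fix range that contradicts the prose. A dated wording such as `notes: "No fixed release as of 2025-08 (see upstream CHANGELOG)"` would also let the claim be rechecked, as the CHANGELOG link is already in `related.url`. Separately, the GHSA link now appears both as `url:` and as the last `related.url` entry; dropping the duplicate keeps `related.url` to cross-references only.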
From: Postmodern
Date: Thu, 14 Aug 2025 18:07:22 -0700
Subject: [PATCH 2/2] Update CVE-2014-10075.yml

* No need to link to `rubysec.com`.
---
 gems/karo/CVE-2014-10075.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/gems/karo/CVE-2014-10075.yml b/gems/karo/CVE-2014-10075.yml
index 5e5bf6af27..05491f3596 100644
--- a/gems/karo/CVE-2014-10075.yml
+++ b/gems/karo/CVE-2014-10075.yml
@@ -29,5 +29,4 @@ related:
     - https://web.archive.org/web/20250421021935/http://www.vapid.dhs.org/advisories/karo-2.3.8.html
     - http://www.vapidlabs.com/advisory.php?v=63
     - https://www.openwall.com/lists/oss-security/2014/07/07/22
-    - https://rubysec.com/advisories/OSVDB-108573
     - https://github.com/advisories/GHSA-qfwq-chf4-jvwg