Updated advisory posts against rubysec/ruby-advisory-db@4ac2ef3

jasnow · RubySec CI · commit d0fdb068e6e7 · 2026-01-14T19:49:28.000Z
diff --git a/advisories/_posts/2011-02-10-CVE-2011-10019.md b/advisories/_posts/2011-02-10-CVE-2011-10019.md
@@ -19,6 +19,7 @@ advisory:
     attackers to execute arbitrary shell commands on the server without
     authentication.
   cvss_v2: 9.0
+  cvss_v3: 9.8
   patched_versions:
   - ">= 0.60.2"
   related:
diff --git a/advisories/_posts/2011-09-01-CVE-2011-4969.md b/advisories/_posts/2011-09-01-CVE-2011-4969.md
@@ -4,8 +4,10 @@ title: 'CVE-2011-4969 (jquery-rails): jQuery vulnerable to Cross-Site Scripting
 comments: false
 categories:
 - jquery-rails
+- rails
 advisory:
   gem: jquery-rails
+  framework: rails
   cve: 2011-4969
   ghsa: 579v-mp3v-rrw5
   url: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released
diff --git a/advisories/_posts/2018-01-18-CVE-2016-10707.md b/advisories/_posts/2018-01-18-CVE-2016-10707.md
@@ -4,8 +4,10 @@ title: 'CVE-2016-10707 (jquery-rails): Denial of Service in jquery'
 comments: false
 categories:
 - jquery-rails
+- rails
 advisory:
   gem: jquery-rails
+  framework: rails
   cve: 2016-10707
   ghsa: mhpp-875w-9cpv
   url: https://nvd.nist.gov/vuln/detail/CVE-2016-10707
diff --git a/advisories/_posts/2020-04-29-CVE-2020-11022.md b/advisories/_posts/2020-04-29-CVE-2020-11022.md
@@ -4,8 +4,10 @@ title: 'CVE-2020-11022 (jquery-rails): Potential XSS vulnerability in jQuery'
 comments: false
 categories:
 - jquery-rails
+- rails
 advisory:
   gem: jquery-rails
+  framework: rails
   cve: 2020-11022
   ghsa: gxr4-xjj5-5px2
   url: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
diff --git a/advisories/_posts/2020-05-20-CVE-2020-7656.md b/advisories/_posts/2020-05-20-CVE-2020-7656.md
@@ -4,8 +4,10 @@ title: 'CVE-2020-7656 (jquery-rails): Cross-Site Scripting in jquery'
 comments: false
 categories:
 - jquery-rails
+- rails
 advisory:
   gem: jquery-rails
+  framework: rails
   cve: 2020-7656
   ghsa: q4m3-2j7h-f7xw
   url: https://snyk.io/vuln/SNYK-JS-JQUERY-569619
diff --git a/advisories/_posts/2024-05-07-CVE-2024-34341.md b/advisories/_posts/2024-05-07-CVE-2024-34341.md
@@ -5,8 +5,10 @@ title: 'CVE-2024-34341 (actiontext): Arbitrary Code Execution Vulnerability in T
 comments: false
 categories:
 - actiontext
+- rails
 advisory:
   gem: actiontext
+  framework: rails
   cve: 2024-34341
   ghsa: qjqp-xr96-cj99
   url: https://github.com/advisories/GHSA-qjqp-xr96-cj99
@@ -61,12 +63,12 @@ advisory:
     can significantly mitigate the risk of such vulnerabilities.
     Set CSP policies such as script-src 'self' to ensure that only scripts hosted on the same origin
     are executed, and explicitly prohibit inline scripts using script-src-elem.
+  cvss_v3: 5.4
   unaffected_versions:
   - "< 7.0.0"
   patched_versions:
   - "~> 7.0.8, >= 7.0.8.3"
   - ">= 7.1.3.3"
-  cvss_v3: 5.4
   related:
     url:
     - https://discuss.rubyonrails.org/t/xss-vulnerabilities-in-trix-editor/85803
diff --git a/advisories/_posts/2025-08-14-CVE-2025-24293.md b/advisories/_posts/2025-08-14-CVE-2025-24293.md
@@ -5,8 +5,10 @@ title: 'CVE-2025-24293 (activestorage): Active Storage allowed transformation me
 comments: false
 categories:
 - activestorage
+- rails
 advisory:
   gem: activestorage
+  framework: rails
   cve: 2025-24293
   ghsa: r4mg-4433-c7g3
   url: https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
diff --git a/advisories/_posts/2026-01-13-CVE-2025-68271.md b/advisories/_posts/2026-01-13-CVE-2025-68271.md
@@ -0,0 +1,38 @@
+---
+layout: advisory
+title: 'CVE-2025-68271 (openc3): openc3-api Vulnerable to Unauthenticated Remote Code
+  Execution'
+comments: false
+categories:
+- openc3
+advisory:
+  gem: openc3
+  cve: 2025-68271
+  ghsa: w757-4qv9-mghp
+  url: https://github.com/OpenC3/cosmos/security/advisories/GHSA-w757-4qv9-mghp
+  title: openc3-api Vulnerable to Unauthenticated Remote Code Execution
+  date: 2026-01-13
+  description: |
+    ### Summary
+
+    OpenC3 COSMOS contains a critical remote code execution vulnerability
+    reachable through the JSON-RPC API. When a JSON-RPC request uses the
+    string form of certain APIs, attacker-controlled parameter text is
+    parsed into values using String#convert_to_value. For array-like
+    inputs, convert_to_value executes eval().
+
+    Because the cmd code path parses the command string before calling
+    authorize(), an unauthenticated attacker can trigger Ruby code
+    execution even though the request ultimately fails authorization (401).
+  cvss_v3: 10.0
+  unaffected_versions:
+  - "< 5.0.6"
+  patched_versions:
+  - ">= 6.10.2"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-68271
+    - https://github.com/OpenC3/cosmos/security/advisories/GHSA-w757-4qv9-mghp
+    - https://github.com/OpenC3/cosmos/commit/01e9fbc5e66e9a2500b71a75a44775dd1fc2d1de
+    - https://github.com/advisories/GHSA-w757-4qv9-mghp
+---
