GHSA sync created spina gem advisory CVE-2023-3445 (#666)

rubysec · Jul 1, 2023 · 682145a · 682145a
1 parent c9f3c73
commit 682145a
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/gems/spina/CVE-2023-3445.yml b/gems/spina/CVE-2023-3445.yml
@@ -0,0 +1,19 @@
+---
+gem: spina
+cve: 2023-3445
+ghsa: 97wh-6hmj-g8j9
+url: https://huntr.dev/bounties/18a74a9d-4a2d-4bf8-ae62-56a909427070
+title: Spina Cross-site Scripting vulnerability
+date: 2023-06-28
+description: |
+  Cross-site Scripting (XSS) - Stored in GitHub
+  repository spinacms/spina prior to 2.15.1.
+cvss_v3: 3.5
+patched_versions:
+  - ">= 2.15.1"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-3445
+    - https://huntr.dev/bounties/18a74a9d-4a2d-4bf8-ae62-56a909427070
+    - https://github.com/spinacms/spina/commit/9adfe7b4807b3cc10dbb7351a26cc32f5d8c14a3
+    - https://github.com/advisories/GHSA-97wh-6hmj-g8j9