From 682145ae64d96511b4eec164f7be4dd2d13135c6 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Fri, 30 Jun 2023 20:36:31 -0400
Subject: [PATCH] GHSA sync created spina gem advisory CVE-2023-3445 (#666)

---
 gems/spina/CVE-2023-3445.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 gems/spina/CVE-2023-3445.yml

diff --git a/gems/spina/CVE-2023-3445.yml b/gems/spina/CVE-2023-3445.yml
new file mode 100644
index 0000000000..25a79ef913
--- /dev/null
+++ b/gems/spina/CVE-2023-3445.yml
@@ -0,0 +1,19 @@
+---
+gem: spina
+cve: 2023-3445
+ghsa: 97wh-6hmj-g8j9
+url: https://huntr.dev/bounties/18a74a9d-4a2d-4bf8-ae62-56a909427070
+title: Spina Cross-site Scripting vulnerability
+date: 2023-06-28
+description: |
+  Cross-site Scripting (XSS) - Stored in GitHub
+  repository spinacms/spina prior to 2.15.1.
+cvss_v3: 3.5
+patched_versions:
+  - ">= 2.15.1"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-3445
+    - https://huntr.dev/bounties/18a74a9d-4a2d-4bf8-ae62-56a909427070
+    - https://github.com/spinacms/spina/commit/9adfe7b4807b3cc10dbb7351a26cc32f5d8c14a3
+    - https://github.com/advisories/GHSA-97wh-6hmj-g8j9