Updated advisory posts against rubysec/ruby-advisory-db@a1c6e7c

flavorjones · RubySec CI · commit 39fc4e593b6f · 2026-05-23T20:00:14.000Z
diff --git a/advisories/_posts/2023-10-30-CVE-2023-5349.md b/advisories/_posts/2023-10-30-CVE-2023-5349.md
@@ -20,7 +20,7 @@ advisory:
   - ">= 5.3.0"
   related:
     ghsa:
-    - https://github.com/advisories/GHSA-j6x7-7g72-8ww2
+    - j6x7-7g72-8ww2
     url:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-5349
     - https://github.com/rmagick/rmagick/issues/1401
diff --git a/advisories/_posts/2024-03-21-CVE-2024-27281.md b/advisories/_posts/2024-03-21-CVE-2024-27281.md
@@ -39,5 +39,5 @@ advisory:
   patched_versions:
   - "~> 6.3.4, >= 6.3.4.1"
   - "~> 6.4.1, >= 6.4.1.1"
-  - ">=  6.5.1.1"
+  - ">= 6.5.1.1"
 ---
diff --git a/advisories/_posts/2024-04-26-CVE-2024-32887.md b/advisories/_posts/2024-04-26-CVE-2024-32887.md
@@ -7,7 +7,7 @@ categories:
 advisory:
   gem: sidekiq
   cve: 2024-32887
-  ghsa: GHSA-q655-3pj8-9fxq
+  ghsa: q655-3pj8-9fxq
   url: https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq
   title: Reflected XSS in Metrics Web Page
   date: 2024-04-26
diff --git a/advisories/_posts/2024-07-16-CVE-2024-39908.md b/advisories/_posts/2024-07-16-CVE-2024-39908.md
@@ -39,7 +39,7 @@ advisory:
   - ">= 3.3.2"
   related:
     ghsa:
-    - https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
+    - vg3r-rm7w-2xgh
     url:
     - https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
     - https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
diff --git a/advisories/_posts/2024-09-11-CVE-2024-45409.md b/advisories/_posts/2024-09-11-CVE-2024-45409.md
@@ -27,9 +27,8 @@ advisory:
   - ">= 2.2.1"
   related:
     ghsa:
-    - https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
-    - https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
-    - https://github.com/advisories/GHSA-cvp8-5r8g-fhvq
+    - cvp8-5r8g-fhvq
+    - jw9c-mfg7-9rx2
     url:
     - https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
     - https://github.com/omniauth/omniauth-saml/commit/6c681fd082ab3daf271821897a40ab3417382e29
diff --git a/advisories/_posts/2025-03-14-GHSA-mrxw-mxhj-p664.md b/advisories/_posts/2025-03-14-GHSA-mrxw-mxhj-p664.md
@@ -47,6 +47,6 @@ advisory:
     - https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
     - https://github.com/advisories/GHSA-mrxw-mxhj-p664
     cve:
-    - https://nvd.nist.gov/vuln/detail/CVE-2024-55549
-    - https://nvd.nist.gov/vuln/detail/CVE-2025-24855
+    - 2024-55549
+    - 2025-24855
 ---
diff --git a/advisories/_posts/2025-04-21-GHSA-5w6v-399v-w3cc.md b/advisories/_posts/2025-04-21-GHSA-5w6v-399v-w3cc.md
@@ -57,8 +57,8 @@ advisory:
   - ">= 1.18.8"
   related:
     cve:
-    - CVE-2025-32414
-    - CVE-2025-32415
+    - 2025-32414
+    - 2025-32415
     url:
     - https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
     - https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
diff --git a/advisories/_posts/2025-05-08-CVE-2025-32441.md b/advisories/_posts/2025-05-08-CVE-2025-32441.md
@@ -54,7 +54,7 @@ advisory:
   - ">= 2.2.14"
   related:
     ghsa:
-    - https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
+    - 9j94-67jr-4cqj
     url:
     - https://nvd.nist.gov/vuln/detail/CVE-2025-32441
     - https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
diff --git a/advisories/_posts/2025-05-08-CVE-2025-46336.md b/advisories/_posts/2025-05-08-CVE-2025-46336.md
@@ -56,7 +56,7 @@ advisory:
   - ">= 2.1.1"
   related:
     ghsa:
-    - https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
+    - vpfw-47h7-xj4g
     url:
     - https://nvd.nist.gov/vuln/detail/CVE-2025-46336
     - https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b
diff --git a/advisories/_posts/2025-12-23-CVE-2025-68696.md b/advisories/_posts/2025-12-23-CVE-2025-68696.md
@@ -62,44 +62,6 @@ advisory:
     Also, Python's `urljoin` function has documented a warning about similar behavior:
     <https://docs.python.org/3.13/library/urllib.parse.html#urllib.parse.urljoin>
 
-    ## PoC
-
-    Follow these steps to reproduce the issue:
-
-    1. Set up two simple HTTP servers.
-
-       ```bash
-       mkdir /tmp/server1 /tmp/server2
-       echo "this is server1" > /tmp/server1/index.html
-       echo "this is server2" > /tmp/server2/index.html
-       python -m http.server -d /tmp/server1 10001 &
-       python -m http.server -d /tmp/server2 10002 &
-       ```
-
-    2. Create a script (for example, `main.rb`):
-
-       ```rb
-       require 'httparty'
-
-       class Client
-         include HTTParty
-         base_uri 'http://localhost:10001'
-       end
-
-       data = Client.get('http://localhost:10002').body
-       puts data
-       ```
-
-    3. Run the script:
-
-       ```bash
-       $ ruby main.rb
-       this is server2
-       ```
-
-    Although `base_uri` is set to `http://localhost:10001/`, httparty sends the request to `http://localhost:10002/`.
-
-
     ## Impact
 
     - Leakage of credentials: If an absolute URL is provided, any API keys or credentials configured in httparty may be exposed to unintended third-party hosts.
