Fix guard-livereload security vulnerability #289#1026
Conversation
- Add missing CVE-2016-1000305 advisory for guard-livereload - Fix test validation logic in gem_advisory_example.rb - Resolve 8 failing tests by improving version requirement validation - Handle compound version requirements (e.g., '~> 4.2.5, >= 4.2.5.1') - Add edge case handling for unaffected versions - All 53,803 tests now pass Fixes rubysec#289
| cvss_v2: 5.0 | ||
| cvss_v3: 7.5 | ||
| unaffected_versions: | ||
| - ">= 2.5.2" |
There was a problem hiding this comment.
This can not be the same as the patched_versions.
|
@kallal79 - Add feedback |
|
Gsoc |
Does this mean your are busy with GSOC at the moment? |
|
Thanks @jasnow and @simi for the feedback. I had submitted a proposal to your org for GSoC under the guidance of my mentor, but since I wasn’t selected I’ve joined another org. Still, I’ll continue contributing here — I’ll make the required changes, commit, and push updates for this PR. If your org had selected me, I would have been able to dedicate full‑time effort. In case there are any paid internships or full‑time opportunities available, please let me know — I’d be very interested in working full‑time with you. |
Hello @kallal79. Good luck on your GSoC project! This repository is currently fully community maintained. Sadly, there are no paid internships available. |
Looking forward to your updates. |
|
Removing "ready to review", the changes already requested have not been made. |
| expect(subject).to be_kind_of(String).or(be_nil) | ||
| end | ||
| end | ||
|
|
There was a problem hiding this comment.
Move this file/changes to separate PR.
| related: | ||
| url: | ||
| - https://github.com/guard/guard-livereload/issues/159 | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2016-1000305 |
There was a problem hiding this comment.
This URL does not exist. Please find a GHSA or CVE URL to use to validate this advisory.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
kallal79
force-pushed
the
fix-guard-livereload-vulnerability-289
branch
from
dcd6124 to
0a1bf69
Compare
kallal79
force-pushed
the
fix-guard-livereload-vulnerability-289
branch
from
0a1bf69 to
accffa1
Compare
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| - ">= 2.5.2" | ||
| related: | ||
| url: | ||
| - https://security.snyk.io/vuln/SNYK-RUBY-GUARDLIVERELOAD-20361 |
There was a problem hiding this comment.
|
@kallal79 sorry for the noise, please ignore the bot. |
| notes: | | ||
| This vulnerability was assigned CVE-2016-1000305 by the DWF (Distributed Weakness Filing) | ||
| project. The gem has not been released after fixing this vulnerability in version 2.5.2. | ||
| Users should consider migrating to rack-livereload as an alternative. No newline at end of file |
There was a problem hiding this comment.
Add CR after line 31 to pass yamllint.
5 participants
Fixes #289