GHSA SYNC: 1 modified advisory

jasnow · Feb 14, 2024 · 14adbb4 · 14adbb4
1 parent 23cb90e
commit 14adbb4
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/gems/rails/CVE-2009-2422.yml b/gems/rails/CVE-2009-2422.yml
@@ -4,8 +4,8 @@ framework: rails
 cve: 2009-2422
 ghsa: rxq3-gm4p-5fj4
 url: http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
-title: High severity vulnerability that affects rails
-date: 2017-10-24
+title: High Security Vulnerability with authenticate_with_http_digest of Rails
+date: 2009-07-10
 description: |
   The example code for the digest authentication functionality
   (http_authentication.rb) in Ruby on Rails before 2.3.3 defines
@@ -15,14 +15,15 @@ description: |
   applications that are derived from this example by sending an
   invalid username without a password.
 cvss_v2: 7.5
+cvss_v3: 9.8
 patched_versions:
   - ">= 2.3.3"
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2009-2422
     - http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
-    - https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
-    - https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
     - https://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
     - http://support.apple.com/kb/HT4077
     - http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
+    - https://github.com/advisories/GHSA-rxq3-gm4p-5fj4