From 14adbb405972b31ed4ef84a92644b60ea87dc26e Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Wed, 14 Feb 2024 14:26:22 -0500
Subject: [PATCH] GHSA SYNC: 1 modified advisory
---
 gems/rails/CVE-2009-2422.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gems/rails/CVE-2009-2422.yml b/gems/rails/CVE-2009-2422.yml
index d8667afd71..94860f8d72 100644
--- a/gems/rails/CVE-2009-2422.yml
+++ b/gems/rails/CVE-2009-2422.yml
@@ -4,8 +4,8 @@ framework: rails
 cve: 2009-2422
 ghsa: rxq3-gm4p-5fj4
 url: http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
-title: High severity vulnerability that affects rails
-date: 2017-10-24
+title: High Security Vulnerability with authenticate_with_http_digest of Rails
+date: 2009-07-10
 description: |
 The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines
@@ -15,14 +15,15 @@ description: |
 applications that are derived from this example by sending an invalid username without a password.
 cvss_v2: 7.5
+cvss_v3: 9.8
 patched_versions:
 - ">= 2.3.3"
 related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2009-2422 - http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest - https://exchange.xforce.ibmcloud.com/vulnerabilities/51528 - https://github.com/advisories/GHSA-rxq3-gm4p-5fj4 - https://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html - https://exchange.xforce.ibmcloud.com/vulnerabilities/51528 - http://support.apple.com/kb/HT4077 - http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s - https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
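Review bot: The entry gains `cvss_v3: 9.8` but still carries only `patched_versions` with `">= 2.3.3"` and no `unaffected_versions`, so version-based audit tooling will report every Rails release below 2.3.3 against a critical-rated advisory. The description ties the flaw to the digest authentication example code, and one related link refers to Rails 2.3, which suggests (not confirmed from this page) that older release lines never contained it. If the upstream advisory bears that out, add `unaffected_versions:` with `- "< <FIRST_AFFECTED_VERSION>"` next to `patched_versions` so those releases are not flagged. The remaining changes in this hunk only reorder two existing `related.url` entries.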