Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update webrick CVE-2024-47220 #18586

Merged
merged 2 commits into from
Sep 24, 2024
Merged

Update webrick CVE-2024-47220 #18586

merged 2 commits into from
Sep 24, 2024

Conversation

rmtolmach
Copy link
Contributor

Summary

error in CI:

 Name: webrick
Version: 1.8.1
CVE: CVE-2024-47220
GHSA: GHSA-6f62-3596-g6w7
Criticality: High
URL: https://github.com/advisories/GHSA-6f62-3596-g6w7
Title: HTTP Request Smuggling in ruby webrick
Solution: update to '>= 1.8.2'

Vulnerabilities found!

Related issue(s)

https://github.com/department-of-veterans-affairs/vets-api/actions/runs/11015115140/job/30587368893

Testing

rebeccatolmach ~/git/vets-api b update webrick
Fetching gem metadata from https://enterprise.contribsys.com/..
Fetching gem metadata from https://rubygems.org/.......
Resolving dependencies...
Resolving dependencies...
Fetching webrick 1.8.2 (was 1.8.1)
Installing webrick 1.8.2 (was 1.8.1)
Bundle updated!
1 installed gem you directly depend on is looking for funding.
  Run `bundle fund` for details

What areas of the site does it impact?

b/c of this vulnerability, tests won't run which means code isn't deployed.

@rmtolmach rmtolmach requested a review from a team as a code owner September 24, 2024 14:13
@github-actions GitHub Actions
Copy link

Backend-review-group approval confirmed.

@rmtolmach rmtolmach merged commit 8428e42 into master Sep 24, 2024
23 checks passed
@rmtolmach rmtolmach deleted the update_webrick branch September 24, 2024 14:55
bramleyjl pushed a commit that referenced this pull request Sep 24, 2024
@rmtolmach @bramleyjl
update webrick CVE-2024-47220 (#18586)
cbd6475
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LindseySaari LindseySaari LindseySaari approved these changes

Assignees
No one assigned
Labels
require-backend-approval test-passing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rmtolmach @LindseySaari @va-vfs-bot