GHSA Sync: 1 brand new advisory

rubysec · Dec 28, 2023 · eb0680e · eb0680e
1 parent 918644c
commit eb0680e
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/gems/activeadmin/CVE-2023-51763.yml b/gems/activeadmin/CVE-2023-51763.yml
@@ -0,0 +1,20 @@
+---
+gem: activeadmin
+cve: 2023-51763
+ghsa: rqxc-9p8h-xqgq
+url: https://github.com/advisories/GHSA-rqxc-9p8h-xqgq
+title: ActiveAdmin vulnerable to CSV injection
+date: 2023-12-24
+description: |
+  csv_builder.rb in ActiveAdmin (aka Active Admin)
+  before 3.2.0 allows CSV injection.
+cvss_v3: 8.4
+patched_versions:
+  - ">= 3.2.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-51763
+    - https://github.com/activeadmin/activeadmin/releases/tag/v3.2.0
+    - https://github.com/activeadmin/activeadmin/pull/8161
+    - https://github.com/activeadmin/activeadmin/commit/697be2b183491beadc8f0b7d8b5bfb44f2387909
+    - https://github.com/advisories/GHSA-rqxc-9p8h-xqgq