Ruby gem vulnerability CVE-2019-13117 #2092
Comments
SDBrett
added a commit
to SDBrett/velero
that referenced
this issue
Dec 2, 2019
Fixes: vmware-tanzu#2092 Resolves: CVE-2019-13117 Updated gemfile.lock for security vulnerability. Updated Gemfile to specify gem versions, providing more control over versions when using bundle update. Including the Jekyll version in the Gemfile tells Nelify which version to build with. Signed-off-by: Brett Johnson <brett@sdbrett.com>
SDBrett
added a commit
to SDBrett/velero
that referenced
this issue
Dec 3, 2019
Fixes: vmware-tanzu#2092 Resolves: CVE-2019-13117 Updated gemfile.lock for security vulnerability. Updated Gemfile to specify gem versions, providing more control over versions when using bundle update. Including the Jekyll version in the Gemfile tells Nelify which version to build with. Signed-off-by: Brett Johnson <brett@sdbrett.com>
skriss
pushed a commit
that referenced
this issue
Dec 4, 2019
Fixes: #2092 Resolves: CVE-2019-13117 Updated gemfile.lock for security vulnerability. Updated Gemfile to specify gem versions, providing more control over versions when using bundle update. Including the Jekyll version in the Gemfile tells Nelify which version to build with. Signed-off-by: Brett Johnson <brett@sdbrett.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From bundle audit
Name: nokogiri
Version: 1.10.4
Advisory: CVE-2019-13117
Criticality: Unknown
URL: sparklemotion/nokogiri#1943
Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Solution: upgrade to >= 1.10.5
Vulnerabilities found!
Self assign.
The text was updated successfully, but these errors were encountered: