Updated advisory posts against rubysec/ruby-advisory-db@b1bb1f7

jasnow · RubySec CI · commit 50b2f12770d6 · 2024-06-21T20:41:44.000Z
diff --git a/advisories/_posts/2023-06-06-CVE-2023-34102.md b/advisories/_posts/2023-06-06-CVE-2023-34102.md
@@ -14,7 +14,7 @@ advisory:
   description: |
     ### Summary
 
-    "The polymorphic field type stores the classes to operate on when updating
+    The polymorphic field type stores the classes to operate on when updating
     a record with user input, and does not validate them in the back end.
     This can lead to unexpected behavior, remote code execution, or
     application crashes when viewing a manipulated record.
@@ -35,20 +35,38 @@ advisory:
 
     ### PoC
 
-    ![image](https://user-images.githubusercontent.com/26464774/243437854-933d94c8-4ae0-43fe-b2da-35b103e28796.png)\n_In the test scenario we choose the demo app and the review resource which has a polymorphic
-    reviewable field._![image](https://user-images.githubusercontent.com/26464774/243437954-2d947c6d-4e97-4e91-a442-405e553dd047.png)\n_Intercepting
-    the request and switching the review[reviewable_type] from “Fish”
-    to “File” which is a real class inside Rails_![image](https://user-images.githubusercontent.com/26464774/243438031-109de6d0-9370-4318-b18e-c5bcea61cf54.png)\n_Corrupting
-    the database with unusable classes will cause a crash at the
-    application while viewing the new record or the index
-    view (partial DoS)_\n\n![image](https://user-images.githubusercontent.com/26464774/243438104-80df5aae-86de-40fc-870d-689a03cae389.png)\n_Manual
-    delete the corrupted resource in order to recover the applications functionality_\n\n![image](https://user-images.githubusercontent.com/26464774/243438182-1e7eef54-73ba-47d0-b5df-4bad14859af3.png)\n_Of
-    course it is possible to use other class names or namespaces. The
+    ![image](https://user-images.githubusercontent.com/26464774/243437854-933d94c8-4ae0-43fe-b2da-35b103e28796.png)
+
+    In the test scenario we choose the demo app and the review
+    resource which has a polymorphic reviewable field.
+
+    ![image](https://user-images.githubusercontent.com/26464774/243437954-2d947c6d-4e97-4e91-a442-405e553dd047.png)
+
+    Intercepting the request and switching the review[reviewable_type]
+    from “Fish” to “File” which is a real class inside Rails
+
+    ![image](https://user-images.githubusercontent.com/26464774/243438031-109de6d0-9370-4318-b18e-c5bcea61cf54.png)
+
+    Corrupting the database with unusable classes will cause a crash
+    at the application while viewing the new record or the index
+    view (partial DoS)
+
+    ![image](https://user-images.githubusercontent.com/26464774/243438104-80df5aae-86de-40fc-870d-689a03cae389.png)
+
+    Manual delete the corrupted resource in order to recover the
+    applications functionality
+
+    ![image](https://user-images.githubusercontent.com/26464774/243438182-1e7eef54-73ba-47d0-b5df-4bad14859af3.png)
+
+    Of course it is possible to use other class names or namespaces. The
     local development environment displays the backend error message
     when visiting a corrupted record. Avo is trying to apply a scope to
-    this class that does not exist._\n\n![image](https://user-images.githubusercontent.com/26464774/243438257-dbb59153-58a8-4421-b796-f2a0f2c20083.png)\n_Specifying
-    an invalid class name in the parameter will cause the application
-    to crash again while trying constanize the provided string_
+    this class that does not exist.
+
+    ![image](https://user-images.githubusercontent.com/26464774/243438257-dbb59153-58a8-4421-b796-f2a0f2c20083.png)
+
+    Specifying an invalid class name in the parameter will cause the
+    application to crash again while trying constanize the provided string
 
     ### Impact
 
@@ -63,7 +81,7 @@ advisory:
     when defining classes for records. In this particular case, Avo can
     evaluate the options list given for the polymorphic field and only allow
     strings from that list. With this white-list approach, an attacker
-    cannot supply unintended classes."
+    cannot supply unintended classes.
   cvss_v3: 8.3
   patched_versions:
   - ">= 2.33.3"
diff --git a/advisories/_posts/2024-02-20-CVE-2023-47634.md b/advisories/_posts/2024-02-20-CVE-2023-47634.md
@@ -12,10 +12,17 @@ advisory:
   title: Race condition in Endorsements
   date: 2024-02-20
   description: |
-    "### Impact\n\nA race condition in the endorsement of resources (for
-    instance, a proposal) allows a user to make more than once endorsement.\n\nTo exploit
-    this vulnerability, the request to set an endorsement must be sent several times
-    in parallel.\n \n### Workarounds\n\nDisable the Endorsement feature in the components. "
+    ### Impact
+
+    A race condition in the endorsement of resources (for instance,
+    a proposal) allows a user to make more than once endorsement.
+
+    To exploit this vulnerability, the request to set an
+    endorsement must be sent several times in parallel.
+
+    ### Workarounds
+
+    Disable the Endorsement feature in the components.
   cvss_v3: 3.1
   unaffected_versions:
   - "< 0.10.0"
