rubysec · jasnow · May 24, 2025
diff --git a/gems/camaleon_cms/GHSA-3hp8-6j24-m5gm.yml b/gems/camaleon_cms/GHSA-3hp8-6j24-m5gm.yml
diff --git a/gems/ejson2env/CVE-2025-48069.yml b/gems/ejson2env/CVE-2025-48069.yml
@@ -0,0 +1,48 @@
+---
+gem: ejson2env
+cve: 2025-48069
+ghsa: 2c47-m757-32g6
+url: https://github.com/Shopify/ejson2env/security/advisories/GHSA-2c47-m757-32g6
+title: Insufficient input sanitization in ejson2env
+date: 2025-05-21
+description: |
+  ### Summary
+  The `ejson2env` tool has a vulnerability related to how it writes to
+  `stdout`. Specifically, the tool is intended to write an export
+  statement for environment variables and their values. However, due
+  to inadequate output sanitization, there is a potential risk where
+  variable names or values may include malicious content, resulting
+  in additional unintended commands being output to `stdout`. If this
+  output is improperly utilized in further command execution, it could
+  lead to command injection vulnerabilities, allowing an attacker to
+  execute arbitrary commands on the host system.
+
+  ### Details
+  The vulnerability exists because environment variables are not
+  properly sanitized during the decryption phase, which enables
+  malicious keys or encrypted values to inject commands.
+
+  ### Impact
+  An attacker with control over `.ejson` files can inject commands
+  in the environment where `source $(ejson2env)` or `eval ejson2env`
+  are executed.
+
+  ### Mitigation
+  - Update to a version of `ejson2env` that sanitizes the output
+    during decryption or
+  - Do not use `ejson2env` to decrypt untrusted user secrets or
+  - Do not evaluate or execute the direct output from `ejson2env`
+    without removing nonprintable characters.
+
+  ### Credit
+  Thanks to security researcher [Demonia](https://hackerone.com/demonia?type=user)
+  for reporting this issue.
+cvss_v3: 6.6
+patched_versions:
+  - ">= 2.0.8"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-48069
+    - https://github.com/Shopify/ejson2env/security/advisories/GHSA-2c47-m757-32g6
+    - https://github.com/Shopify/ejson2env/commit/592b3ceea967fee8b064e70983e8cec087b6d840
+    - https://github.com/advisories/GHSA-2c47-m757-32g6
diff --git a/gems/nokogiri/GHSA-vcc3-rw6f-jv97.yml b/gems/nokogiri/GHSA-vcc3-rw6f-jv97.yml
diff --git a/gems/omniauth-saml/GHSA-hw46-3hmr-x9xv.yml b/gems/omniauth-saml/GHSA-hw46-3hmr-x9xv.yml
diff --git a/gems/user_agent_parser/GHSA-pcqq-5962-hvcw.yml b/gems/user_agent_parser/GHSA-pcqq-5962-hvcw.yml