Add CVE-2026-41316 #1039

Closed
hudakh wants to merge 1 commit into rubysec:master from hudakh:CSV-2026-41316

@hudakh hudakh commented Apr 22, 2026

jasnow

This comment was marked as outdated.

@jasnow jasnow left a comment

Sorry for delay.

GEMS/ERB/...

  1. Use "url: GHSA-q339-8rmv-2mhv" .
  2. Add "ghsa: q339-8rmv-2mhv" field/value.
  3. Change "title: ERB has an @_init deserialization guard bypass via def_module / def_method / def_class".
  4. Use "8.1" from GHSA or NVD for cvss_v3.
  5. Use "~>" for 1st 3 patched_versions: field.
  6. Add this reference field.
    related:
    url:

================================================
RUBIES/RUBY/...

  1. Add "ghsa: q339-8rmv-2mhv" field/value.
  2. Use "url: GHSA-q339-8rmv-2mhv" .
  3. Use "8.1" from GHSA or NVD for cvss_v3 field.
  4. Use ">=" in patched_versions: field.
  5. Add these to related: / url: field.

jasnow commented May 27, 2026

@hudakh - Please respond to review change requests.

jasnow commented May 30, 2026

@hudakh - Please respond to review change requests.

Note that PR #1081 has all of the requested changes to this PR.

jasnow commented May 31, 2026

The requested changes were implemented in PR #1081 so this PR can be closed. Thanks for your contribution.

@jasnow jasnow closed this May 31, 2026

jasnow commented May 31, 2026

Forgot #1081 had not been merged. Sorry.

@jasnow jasnow reopened this May 31, 2026
flavorjones pushed a commit that referenced this pull request May 31, 2026
* Add CVE-2026-41316

* Updated both advisory to normal conventions

* Update CVE-2026-41316 date to 2026-04-13

---------

Co-authored-by: Huda <huda@haesemathematics.com.au>

hudakh commented Jun 1, 2026

Sorry I went MIA, just saw all the notifications!

jasnow commented Jun 1, 2026

> Sorry I went MIA, just saw all the notifications!

NP
