Updated advisory posts against rubysec/ruby-advisory-db@965f31f

jasnow · RubySec CI · commit 22ca1a8c5c74 · 2026-05-27T01:56:47.000Z
diff --git a/advisories/_posts/2024-02-21-CVE-2024-26143.md b/advisories/_posts/2024-02-21-CVE-2024-26143.md
@@ -10,7 +10,7 @@ advisory:
   framework: rails
   cve: 2024-26143
   ghsa: 9822-6m93-xqf4
-  url: https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
+  url: https://nvd.nist.gov/vuln/detail/CVE-2024-26143
   title: Possible XSS Vulnerability in Action Controller
   date: 2024-02-21
   description: |-
@@ -48,8 +48,8 @@ advisory:
     * Use a default value where the default value is untrusted and unescaped input
     * Send the text to the victim (whether that’s part of a template, or a
       `render` call)
-
-    All users running an affected release should either upgrade or use one of the workarounds immediately.
+    All users running an affected release should either upgrade or use one
+    of the workarounds immediately.
 
     # Releases
 
@@ -64,4 +64,12 @@ advisory:
   patched_versions:
   - "~> 7.0.8, >= 7.0.8.1"
   - ">= 7.1.3.1"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-26143
+    - https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
+    - https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
+    - https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
+    - https://security.netapp.com/advisory/ntap-20240510-0004
+    - https://github.com/advisories/GHSA-9822-6m93-xqf4
 ---
