Skip to content

external-data-improvements.md

Latest commit

 

History

History
54 lines (38 loc) · 3.39 KB

external-data-improvements.md

File metadata and controls

54 lines (38 loc) · 3.39 KB

Information on Helping To Improve External Data

Remember that these requests are outside the scope of the ruby-advisory-db repo.

Here are the different sources of information this repo usually uses and how to request a change if needed.

GENERAL

  • Missing CVE number (also just "reserved" CVE with no details)
    • Google CVE number, check cve.org and nvd.nist.gov web sites
  • Missing GHSA number
    • Google GHSA number, check GHSA web site.
  • Missing patch release
    • See repo README on policy.
  • Have only project-specific data (announcement, blog, CHANGELOG, Release notes) about advisory
    • Google for more information. Try to contact developer privately.
  • To exclude a duplicate or disputed advisories, create a PR to add them to file.

GEMS

  • PR: To change a specific GHSA rubygems-related advisory, go to GHSA and search for the specific advisory. Scroll down to the bottom of web page and click on See something to contribute? link. This will open a page where you can edit the advisory and create a GHSA PR.

  • To create a new GHSA rubygems-advisory, go to HERE and follow their instructions.

  • To change something on the https://nvd.nist.gov/vuln/detail web site, currently not known but you can read more at HERE.

  • To change something on https://www.cve.org as Non-CNA, got HERE and follows their directions.

  • To change something with osvdb advisory, the Open Sourced Vulnerability Database (OSVDB) was permanently shut down in 2016 and is no longer active or hosted online. Try to see if there is a GHSA or CVE reference that that vulnerability.

RUBIES (ruby, jruby, mruby, rubinius/rbx, etc)

Feel free to suggest more scenarios to add or better words/etc to improve existing scenarios.