From 560208e05a751a18c111dc2e6854dfbe3131654f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Krzy=C5=BCanowski?= Date: Tue, 7 Jul 2026 08:24:20 +0200 Subject: [PATCH] update patched_versions for GHSA-mjgf-xj26-9qf9 --- gems/pay/GHSA-mjgf-xj26-9qf9.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/gems/pay/GHSA-mjgf-xj26-9qf9.yml b/gems/pay/GHSA-mjgf-xj26-9qf9.yml index 348acf3f77..b963484c85 100644 --- a/gems/pay/GHSA-mjgf-xj26-9qf9.yml +++ b/gems/pay/GHSA-mjgf-xj26-9qf9.yml @@ -38,15 +38,16 @@ description: | - Credit - Reported by tonghuaroot (https://github.com/tonghuaroot) cvss_v3: 7.4 +patched_versions: + - ">= 11.6.2" related: url: - https://advisories.gitlab.com/gem/pay/GHSA-mjgf-xj26-9qf9 - https://github.com/pay-rails/pay/security/advisories/GHSA-mjgf-xj26-9qf9 - https://github.com/advisories/GHSA-mjgf-xj26-9qf9 notes: | - - Latest (unpatched) release as of 7/2/2026 is 11.6.1 - - `pay` (rubygem) ≤ v11.6.1 (latest release as of 2026-05-27). - - https://github.com/pay-rails/pay/releases/tag/v11.6.1 - - https://rubygems.org/gems/pay/versions/11.6.1 + - Fixed in 11.6.2. + - https://github.com/pay-rails/pay/releases/tag/v11.6.2 + - https://rubygems.org/gems/pay/versions/11.6.2 - cvss_v3 value comes from project advisory. - No cve value, so missing cvss_v2 and cvss_v4 values.