pxlpnk · September 24, 2018 07:08
diff --git a/bundle audit check --update b/bundle audit check --update
 $ bundle audit check --update

 Updating ruby-advisory-db ...
 From https://github.com/rubysec/ruby-advisory-db
 * branch            master     -> FETCH_HEAD
 Already up to date.
 Updated ruby-advisory-db
 ruby-advisory-db: 322 advisories
 Name: omniauth-oauth2
 Version: 1.0.2
 Advisory: CVE-2012-6134
 Criticality: High
 URL: http://www.osvdb.org/show/osvdb/90264
 Title: Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability
 Solution: upgrade to >= 1.1.1

 Name: rubyzip
 Version: 1.2.1
 Advisory: CVE-2018-1000544
 Criticality: Unknown
 URL: https://github.com/rubyzip/rubyzip/issues/369
 Title: Directory Traversal in rubyzip
 Solution: upgrade to >= 1.2.2

 Vulnerabilities found!
diff --git a/bundle_audit.rb b/bundle_audit.rb
 require 'bundler/audit/task'
 Bundler::Audit::Task.new
	$ bundle audit check --update

	Updating ruby-advisory-db ...
	From https://github.com/rubysec/ruby-advisory-db
	* branch master -> FETCH_HEAD
	Already up to date.
	Updated ruby-advisory-db
	ruby-advisory-db: 322 advisories
	Name: omniauth-oauth2
	Version: 1.0.2
	Advisory: CVE-2012-6134
	Criticality: High
	URL: http://www.osvdb.org/show/osvdb/90264
	Title: Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability
	Solution: upgrade to >= 1.1.1

	Name: rubyzip
	Version: 1.2.1
	Advisory: CVE-2018-1000544
	Criticality: Unknown
	URL: https://github.com/rubyzip/rubyzip/issues/369
	Title: Directory Traversal in rubyzip
	Solution: upgrade to >= 1.2.2

	Vulnerabilities found!