From f2c6db7fc156789c4cdeb3df329a5bc75807ff6b Mon Sep 17 00:00:00 2001
From: Todd Siegel
Date: Thu, 12 Feb 2026 08:45:15 -0700
Subject: [PATCH 1/2] Add patched version for CVE-2026-25765

The fix for this was backported to 1.x versions
See:
- lostisland/faraday@d0fc049beb
- https://github.com/advisories/GHSA-33mh-2634-fwr2
---
 gems/faraday/CVE-2026-25765.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gems/faraday/CVE-2026-25765.yml b/gems/faraday/CVE-2026-25765.yml
index 0dd0f85f48..79c47e2603 100644
--- a/gems/faraday/CVE-2026-25765.yml
+++ b/gems/faraday/CVE-2026-25765.yml
@@ -61,14 +61,17 @@ description: |
   ```
 cvss_v3: 5.8
 patched_versions:
+  - ">= 1.10.5"
   - ">= 2.14.1"
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2026-25765
     - https://github.com/lostisland/faraday/security/advisories/GHSA-33mh-2634-fwr2
     - https://github.com/lostisland/faraday/releases/tag/v2.14.1
+    - https://github.com/lostisland/faraday/releases/tag/v1.10.5
     - https://github.com/lostisland/faraday/pull/1569
     - https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc
+    - https://github.com/lostisland/faraday/commit/d0fc049beb0b0e4e3bd4a52711189130bba7c5f4
     - https://www.rfc-editor.org/rfc/rfc3986#section-5.2.2
     - https://www.rfc-editor.org/rfc/rfc3986#section-5.4
     - https://advisories.gitlab.com/pkg/gem/faraday/CVE-2026-25765

From b41eed6dd2ca3a1533adfeb75bf492a9d7cfaa0b Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Thu, 12 Feb 2026 20:00:15 -0500
Subject: [PATCH 2/2] Update patched_versions format in CVE-2026-25765.yml

---
 gems/faraday/CVE-2026-25765.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gems/faraday/CVE-2026-25765.yml b/gems/faraday/CVE-2026-25765.yml
index 79c47e2603..634c630425 100644
--- a/gems/faraday/CVE-2026-25765.yml
+++ b/gems/faraday/CVE-2026-25765.yml
@@ -61,7 +61,7 @@ description: |
   ```
 cvss_v3: 5.8
 patched_versions:
-  - ">= 1.10.5"
+  - "~> 1.10.5"
   - ">= 2.14.1"
 related:
   url:
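Review bot: The new `"~> 1.10.5"` entry under patched_versions is narrower than the commit message of the first patch implies: a pessimistic constraint reads as `>= 1.10.5, < 1.11`, so any later 1.11.x release (should the 1.x line ever get one) would be reported as unpatched even though it would carry the backported fix. If the intent is "every 1.x release from 1.10.5 onward is fixed", the same non-overlapping range is expressed more directly as `- ">= 1.10.5, < 2.0"`, which still reports 2.0.0 through 2.14.0 as vulnerable alongside the `">= 2.14.1"` entry. If the 1.x branch is known to be frozen at 1.10.x, the current form is equivalent and a short comment above the entry noting that assumption would help the next maintainer.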