Issue Description
Flagging here that resque's dependency on sinatra has a known vulnerability (CVE-2024-21510). An active issue is being worked on. Found as a result of sentry-ruby dependency on resque.
See here: sinatra/sinatra#2052
bundle exec bundle-audit update && bundle exec bundle-audit
Expected Behavior
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
* branch master -> FETCH_HEAD
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db:
advisories: 946 advisories
last updated: 2024-11-02 13:23:04 -0700
commit: a30efc46eef41d6412f5b2d6853a1750bd0035d2
No vulnerabilities found
Actual Behavior
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
* branch master -> FETCH_HEAD
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db:
advisories: 946 advisories
last updated: 2024-11-02 13:23:04 -0700
commit: a30efc46eef41d6412f5b2d6853a1750bd0035d2
Name: sinatra
Version: 3.2.0
CVE: CVE-2024-21510
GHSA: GHSA-hxx2-7vcw-mqr3
Criticality: Medium
URL: https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
Title: Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Solution: remove or disable this gem until a patch is available!
Vulnerabilities found!
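As an added example, not part of this issue or of the resque, sentry-ruby or bundler-audit projects, the following Ruby parses the plain-text report format shown under Actual Behavior above into one finding per advisory and selects those at or above a chosen criticality, so a CI step can fail on them; the sample report, the constants and the function names are constructed for this example.

```ruby
# Added example: parse the text report that bundle-audit prints (format as
# in the issue above) into findings and decide which should fail a build.
ADVISORY_FIELDS = %w[Name Version CVE GHSA Criticality URL Title Solution].freeze
SEVERITY_RANK = { 'low' => 1, 'medium' => 2, 'high' => 3, 'critical' => 4 }.freeze

# Constructed sample: the "Actual Behavior" output quoted in the issue.
SAMPLE_REPORT = <<~TXT
  Updated ruby-advisory-db
  ruby-advisory-db:
    advisories:   946 advisories
    commit:       a30efc46eef41d6412f5b2d6853a1750bd0035d2
  Name: sinatra
  Version: 3.2.0
  CVE: CVE-2024-21510
  GHSA: GHSA-hxx2-7vcw-mqr3
  Criticality: Medium
  URL: https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
  Title: Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
  Solution: remove or disable this gem until a patch is available!
  Vulnerabilities found!
TXT

# One hash per advisory. A "Name:" line starts a new finding; the
# ruby-advisory-db header lines and the trailing summary are ignored.
def parse_bundle_audit(text)
  findings = []
  text.each_line do |line|
    key, value = line.strip.split(': ', 2)
    next unless key && value && ADVISORY_FIELDS.include?(key)
    findings << {} if key == 'Name'
    next if findings.empty?
    findings.last[key.downcase.to_sym] = value.strip
  end
  findings
end

# Findings at or above +threshold+ (case-insensitive). An unknown or missing
# criticality is kept, so an unparsed advisory still fails the gate.
def failing_findings(findings, threshold: 'medium')
  min = SEVERITY_RANK.fetch(threshold.downcase)
  findings.select do |f|
    rank = SEVERITY_RANK[f[:criticality].to_s.downcase]
    rank.nil? || rank >= min
  end
end
```

Feed the captured output of `bundle exec bundle-audit` to `parse_bundle_audit` and exit non-zero when `failing_findings` is non-empty; with the sample above the sinatra 3.2.0 advisory (CVE-2024-21510, Medium) is the single failing finding.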