From 63d6a583a1e69661d6795bd48f92074d119ef7e1 Mon Sep 17 00:00:00 2001
From: Maqsood Ahmad
Date: Fri, 23 Aug 2024 13:02:59 +0530
Subject: [PATCH] (PA-6881) Adding rexml gem to agent-runtime-main for CVE-2024-41123 and CVE-2024-41946
---
 configs/projects/agent-runtime-main.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/configs/projects/agent-runtime-main.rb b/configs/projects/agent-runtime-main.rb
index 4f3e8398e..6fc09bd6e 100644
--- a/configs/projects/agent-runtime-main.rb
+++ b/configs/projects/agent-runtime-main.rb
@@ -63,6 +63,12 @@
 proj.component 'rubygem-thor'
 proj.component 'rubygem-scanf'
+ # We add rexml explicitly in here because even though ruby 3 ships with rexml as its default gem, the version
+ # of rexml it ships with contains CVE-2024-41946 and CVE-2024-41123.
+ # So, we add it here to update to a higher version
+ # free from the CVEs.
+ proj.component 'rubygem-rexml'
+
 if platform.is_linux?
 proj.component "virt-what"
 proj.component "dmidecode" unless platform.architecture =~ /ppc64/
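Review bot: The comment added above `proj.component 'rubygem-rexml'` names the two CVEs but not the minimum rexml version that fixes them, and the version pin is not visible in this hunk (presumably it lives in the component definition), so a later downgrade or an unpinned component would not be noticed from this file. Consider tightening it to something like `# rexml must stay at >= <FIXED_VERSION> (CVE-2024-41123, CVE-2024-41946); drop this once the bundled Ruby ships a fixed default gem`. It is also worth confirming that the packaged runtime loads the newer gem rather than the default copy shipped with Ruby, since installing a second copy usually leaves the older default gem on disk, where scanners may still flag it. The surrounding project block starts and ends outside the hunk.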