From 79611a5590f5747fb120443451cfafee954b6bea Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Sun, 1 Feb 2026 21:15:50 -0500
Subject: [PATCH 1/3] GHSA SYNC: 1 modified advisory; 1 new advisory - 2nd batch

---
 rubies/jruby/CVE-2011-4838.yml | 13 +++++++++++--
 rubies/ruby/CVE-2006-5467.yml | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 rubies/ruby/CVE-2006-5467.yml

diff --git a/rubies/jruby/CVE-2011-4838.yml b/rubies/jruby/CVE-2011-4838.yml
index 9e6182f3e6..79745ab6b9 100644
--- a/rubies/jruby/CVE-2011-4838.yml
+++ b/rubies/jruby/CVE-2011-4838.yml
@@ -2,7 +2,8 @@
 engine: jruby
 cve: 2011-4838
 osvdb: 78116
-url: http://jruby.org/2011/12/27/jruby-1-6-5-1
+ghsa: cgqc-fqxr-q6r6
+url: http://jruby.org/2011/12/27/jruby-1-6-5-1.html
 title: "CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)"
 date: 2011-12-27
 description: |
@@ -10,6 +11,14 @@ description: |
   to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
-cvss_v2: 7.8
+cvss_v2: 5.0
 patched_versions:
   - ">= 1.6.5.1"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-4838
+    - http://jruby.org/2011/12/27/jruby-1-6-5-1.html
+    - http://www.ocert.org/advisories/ocert-2011-003.html
+    - https://www.kb.cert.org/vuls/id/903934
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/72019
+    - https://github.com/advisories/GHSA-cgqc-fqxr-q6r6
diff --git a/rubies/ruby/CVE-2006-5467.yml b/rubies/ruby/CVE-2006-5467.yml
new file mode 100644
index 0000000000..0fc9068ed8
--- /dev/null
+++ b/rubies/ruby/CVE-2006-5467.yml
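Review bot: `cvss_v2` is lowered from 7.8 to 5.0 in the second hunk of this file with no source given in the commit message, and a score change on an existing advisory changes the severity every consumer of this database reports for CVE-2011-4838. Presumably the value is the NVD/GHSA v2 base score pulled in by the sync; state that in the commit body or above the key, e.g. `# cvss_v2 taken from the NVD v2 base score (was 7.8)`. The new `related.url` list also repeats the advisory's own `url:` link, which is harmless but leaves two places to keep in step when it changes, as the later patches in this series show.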
@@ -0,0 +1,33 @@
+---
+engine: ruby
+cve: 2006-5467
+ghsa: cgqx-jwj4-2jc4
+url: https://nvd.nist.gov/vuln/detail/CVE-2006-5467
+title: Denial of service vulnerabilities in the Ruby CGI
+date: 2006-10-27
+description: |
+  The cgi.rb CGI library for Ruby 1.8 allows remote attackers to
+  cause a denial of service (infinite loop and CPU consumption) via
+  an HTTP request with a multipart MIME body that contains an invalid
+  boundary specifier, as demonstrated using a specifier that begins
+  with a "-" instead of "--" and contains an inconsistent ID.
+cvss_v2: 5.0
+patched_versions:
+  - "~> 1.8.5-p2"
+  - ">= 1.9.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2006-5467
+    - https://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467
+    - https://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library
+    - https://cache.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-cgi-dos-1.patch
+    - http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
+    - https://bugzilla.redhat.com/show_bug.cgi?id=212237
+    - https://jvn.jp/en/jp/JVN84798830/index.html
+    - http://security.gentoo.org/glsa/glsa-200611-12.xml
+    - https://ubuntu.com/security/notices/USN-371-1
+    - http://www.debian.org/security/2006/dsa-1234
+    - https://lists.debian.org/debian-security-announce/2006/msg00337.html
+    - https://web.archive.org/web/20071214135617/http://docs.info.apple.com/article.html?artnum=305530
+    - https://web.archive.org/web/20080221113337/http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
+    - https://github.com/advisories/GHSA-cgqx-jwj4-2jc4

From 2447d0696979544a3ea2993219785ceada8e1701 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Tue, 3 Feb 2026 19:42:14 -0500
Subject: [PATCH 2/3] Fix URL formatting in CVE-2011-4838.yml

---
 rubies/jruby/CVE-2011-4838.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

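Review bot: `"~> 1.8.5-p2"` in `patched_versions` depends on how the consumer of `rubies/` compares Ruby patchlevels: under Gem::Version semantics a hyphen starts a prerelease segment, so `1.8.5-p2` sorts below `1.8.5` and the requirement would admit the unpatched 1.8.5 release. Confirm the notation matches the other `rubies/ruby` advisories before merging, and if they use a different patchlevel suffix follow it here. The 2006-12-04 ruby-lang.org entry in `related.url` appears to announce a follow-up cgi.rb denial of service rather than this CVE; if so it belongs with that advisory instead.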
diff --git a/rubies/jruby/CVE-2011-4838.yml b/rubies/jruby/CVE-2011-4838.yml
index 79745ab6b9..09a694d795 100644
--- a/rubies/jruby/CVE-2011-4838.yml
+++ b/rubies/jruby/CVE-2011-4838.yml
@@ -17,7 +17,7 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2011-4838
-    - http://jruby.org/2011/12/27/jruby-1-6-5-1.html
+    - http://jruby.org/2011/12/27/jruby-1-6-5-1
     - http://www.ocert.org/advisories/ocert-2011-003.html
     - https://www.kb.cert.org/vuls/id/903934
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/72019

From 32b8d220c7a9e4c3b32bd8e5a406ca33f3aeee4e Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Tue, 3 Feb 2026 19:44:06 -0500
Subject: [PATCH 3/3] Update URL for JRuby CVE-2011-4838 advisory

---
 rubies/jruby/CVE-2011-4838.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rubies/jruby/CVE-2011-4838.yml b/rubies/jruby/CVE-2011-4838.yml
index 09a694d795..1e6baee16e 100644
--- a/rubies/jruby/CVE-2011-4838.yml
+++ b/rubies/jruby/CVE-2011-4838.yml
@@ -17,7 +17,7 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2011-4838
-    - http://jruby.org/2011/12/27/jruby-1-6-5-1
+    - https://www.jruby.org/2011/12/27/jruby-1-6-5-1
     - http://www.ocert.org/advisories/ocert-2011-003.html
     - https://www.kb.cert.org/vuls/id/903934
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/72019
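Review bot: The top-level `url:` key is not updated here — PATCH 1's first hunk rewrote it to `http://jruby.org/2011/12/27/jruby-1-6-5-1.html`, while PATCH 2 and this hunk only correct the copy in `related.url`, so after the series the file refers to the same JRuby announcement as `http://jruby.org/.../jruby-1-6-5-1.html` at the top and `https://www.jruby.org/.../jruby-1-6-5-1` in the list. Apply the same change to the top-level key, `url: https://www.jruby.org/2011/12/27/jruby-1-6-5-1`, or drop the duplicate from `related.url` so there is a single canonical link. Two follow-up commits for one URL also suggest the sync output was pushed before the links were checked; a link check on the rendered YAML would have caught the stale `.html` form in one pass.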