From 3eef7929aeef9860e7bfbe4d739de10c22945ba4 Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Thu, 22 Jan 2026 13:29:08 -0500
Subject: [PATCH] GHSA SYNC: 1 brand new unreviewed advisories
---
rubies/ruby/CVE-2011-3624.yml | 32 ++++++++++++++++++++++++++++++++
rubies/ruby/CVE-2016-2336.yml | 21 +++++++++++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 rubies/ruby/CVE-2011-3624.yml
create mode 100644 rubies/ruby/CVE-2016-2336.yml
diff --git a/rubies/ruby/CVE-2011-3624.yml b/rubies/ruby/CVE-2011-3624.yml
new file mode 100644
index 0000000000..ff19890817
--- /dev/null
+++ b/rubies/ruby/CVE-2011-3624.yml
@@ -0,0 +1,32 @@
+---
+engine: ruby
+cve: 2011-3624
+ghsa: rc82-v3mm-rhj2
+url: https://nvd.nist.gov/vuln/detail/CVE-2011-3624
+title: Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7
+date: 2019-11-25
+description: |
+ Various methods in WEBrick::HTTPRequest in Ruby
+ 1.9.2-p290 and 1.8.7-p352 and earlier do not validate the
+ X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in
+ requests, which might allow remote attackers to inject arbitrary text
+ into log files or bypass intended address parsing via a crafted header.
+
+ ## Can only have one "notes:" field for adding these notes here:
+ - https://redmine.ruby-lang.org/issues/5418 mentioned CVE-2011-3187
+ - https://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
+ - https://redmine.ruby-lang.org/issues/5418 says:
+ - "WEBrick has been removed from ruby repository. If anyone interest
+ this, Please file this to https://github.com/ruby/webrick"
+ - Unclear when or if this was patched.
+cvss_v2: 5.0
+cvss_v3: 5.3
+notes: Never patched
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2011-3624
+ - https://access.redhat.com/security/cve/cve-2011-3624
+ - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624
+ - https://security-tracker.debian.org/tracker/CVE-2011-3624
+ - https://github.com/ruby/webrick
+ - https://github.com/advisories/GHSA-rc82-v3mm-rhj2
diff --git a/rubies/ruby/CVE-2016-2336.yml b/rubies/ruby/CVE-2016-2336.yml
new file mode 100644
index 0000000000..3b5116d146
--- /dev/null
+++ b/rubies/ruby/CVE-2016-2336.yml
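Review bot: The `notes: Never patched` value contradicts the triage bullets embedded in the description block, whose last item reads `- Unclear when or if this was patched.`; the record should not publish a certainty that the research behind it did not reach, so either the bullets or the `notes:` value needs to change. The `## Can only have one "notes:" field` workaround also ships those bullets inside `description`, which means every consumer that renders the description (audit tooling, an advisory site) prints internal triage links as advisory text. YAML allows a multi-line block scalar in `notes:`, so the bullets can move under `notes: |` and the description can end at `via a crafted header.`. The `date: 2019-11-25` on a 2011 CVE looks like the GHSA publication date rather than the disclosure date — worth confirming that is the intended meaning of the field in this repository.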
@@ -0,0 +1,21 @@
+---
+engine: ruby
+cve: 2016-2336
+ghsa: f46g-7w88-2qv4
+url: https://nvd.nist.gov/vuln/detail/CVE-2016-2336
+title: Type confusion exists in ole_invoke and ole_query_interface
+ methods of Ruby's WIN32OLE class
+date: 2017-01-06
+description: |
+ Type confusion exists in two methods of Ruby's WIN32OLE class,
+ ole_invoke and ole_query_interface.
+ Attacker passing different type of object than this assumed by
+ developers can cause arbitrary code execution.
+cvss_v2: 7.5
+cvss_v3: 9.8
+notes: "Never patched"
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-2336
+ - http://www.talosintelligence.com/reports/TALOS-2016-0029
+ - https://github.com/advisories/GHSA-f46g-7w88-2qv4
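Review bot: `notes: "Never patched"` is asserted with no supporting reference in the record, and neither this file nor CVE-2011-3624.yml carries any affected- or patched-version information, so a consumer matching a Ruby version against this 9.8 code-execution entry has nothing to match on. The Talos report is the only primary source listed; the notes should state what was checked (for example, whether upstream ruby has a change touching `ole_invoke` / `ole_query_interface`) before the unpatched status is recorded as fact. WIN32OLE is a Windows-only extension, which is worth saying in the title or notes so the severity is read in context. Minor: the quoting of `notes:` differs between the two files (`"Never patched"` here, bare `Never patched` in CVE-2011-3624.yml); pick one form.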