Updated advisory posts against rubysec/ruby-advisory-db@6434583

Author: jasnow

advisories/_posts/2025-07-09-CVE-2025-24294.md

@@ -7,6 +7,7 @@ categories:
 advisory:
   gem: resolv
   cve: 2025-24294
+  ghsa: xh69-987w-hrp8
   url: https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294
   title: Possible Denial of Service in resolv gem
   date: 2025-07-09
@@ -41,6 +42,7 @@ advisory:
 
     ## History
     Originally published at 2025-07-08 07:00:00 (UTC)
+  cvss_v3: 5.3
   patched_versions:
   - "~> 0.2.2"
   - "~> 0.3.0"

advisories/_posts/2025-07-15-GHSA-29g5-m8v7-v564.md

@@ -0,0 +1,32 @@
+---
+layout: advisory
+title: 'GHSA-29g5-m8v7-v564 (measured): Measured is vulnerable to Path Traversal attacks
+  during class initialization'
+comments: false
+categories:
+- measured
+advisory:
+  gem: measured
+  ghsa: 29g5-m8v7-v564
+  url: https://github.com/Shopify/measured/security/advisories/GHSA-29g5-m8v7-v564
+  title: Measured is vulnerable to Path Traversal attacks during class initialization
+  date: 2025-07-15
+  description: |
+    ### Impact
+
+    A path traversal vulnerability exists where an attacker
+    with access to manipulate inputs when initializing the
+    `Measured::Cache::Json class` would be able to instruct
+    the library to read arbitrary files.
+
+    ### Patches
+
+    Users should update to the latest version.
+  patched_versions:
+  - ">= 3.2.1"
+  related:
+    url:
+    - https://github.com/Shopify/measured/security/advisories/GHSA-29g5-m8v7-v564
+    - https://github.com/Shopify/measured/commit/d6319985a2304d97c085e3dc45c98af554f4be76
+    - https://github.com/advisories/GHSA-29g5-m8v7-v564
+---