From 543180750b723cded2c3f83de1878f6e127309b9 Mon Sep 17 00:00:00 2001 From: Kentaro Hayashi Date: Fri, 6 Jun 2025 11:28:43 +0900 Subject: [PATCH] Fixed Vulnerability details for `GHSA-wrxf-x8rm-6ggg` Before: * fluentd and fluentd-ui was marked as vulnerable * It mentions https://github.com/fluent/fluentd/issues/2722 in `GHSA-wrxf-x8rm-6ggg` References. After: * Only fluentd-ui should be marked as vulnerable * In `GHSA-wrxf-x8rm-6ggg` References were updated from https://github.com/fluent/fluentd/issues/2722 to https://github.com/fluent/fluentd-ui/issues/295. Thus, gems/fluentd/CVE-2020-21514.yml is inappropriate now and should be removed. Also, reference url in gems/fluentd-ui/CVE-2020-21514.yml should be updated. Signed-off-by: Kentaro Hayashi --- gems/fluentd-ui/CVE-2020-21514.yml | 2 +- gems/fluentd/CVE-2020-21514.yml | 18 ------------------ 2 files changed, 1 insertion(+), 19 deletions(-) delete mode 100644 gems/fluentd/CVE-2020-21514.yml diff --git a/gems/fluentd-ui/CVE-2020-21514.yml b/gems/fluentd-ui/CVE-2020-21514.yml index c851d7e226..b36abd8bde 100644 --- a/gems/fluentd-ui/CVE-2020-21514.yml +++ b/gems/fluentd-ui/CVE-2020-21514.yml @@ -14,5 +14,5 @@ notes: Never patched related: url: - https://nvd.nist.gov/vuln/detail/CVE-2020-21514 - - https://github.com/fluent/fluentd/issues/2722 + - https://github.com/fluent/fluentd-ui/issues/295 - https://github.com/advisories/GHSA-wrxf-x8rm-6ggg diff --git a/gems/fluentd/CVE-2020-21514.yml b/gems/fluentd/CVE-2020-21514.yml deleted file mode 100644 index 5b5c2fd2a9..0000000000 --- a/gems/fluentd/CVE-2020-21514.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -gem: fluentd -cve: 2020-21514 -ghsa: wrxf-x8rm-6ggg -url: https://github.com/advisories/GHSA-wrxf-x8rm-6ggg -title: Fluent Fluentd and Fluent-ui use default password -date: 2023-04-04 -description: | - An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 - that allows attackers to gain escilated privileges and execute arbitrary code due - to use of a default password. -cvss_v3: 8.8 -notes: Never patched -related: - url: - - https://nvd.nist.gov/vuln/detail/CVE-2020-21514 - - https://github.com/fluent/fluentd/issues/2722 - - https://github.com/advisories/GHSA-wrxf-x8rm-6ggg
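Review bot: in gems/fluentd-ui/CVE-2020-21514.yml only the `related: url:` entry changes (the diffstat shows one insertion and one deletion), so the title and description above line 14 are left as they were. The commit message says only fluentd-ui should be marked as vulnerable, so please check whether those fields still carry the wording seen in the deleted fluentd file ("Fluent Fluentd and Fluent-ui use default password", "Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2"). If they do, either update them or state in the PR that the text intentionally mirrors the upstream advisory. The new reference https://github.com/fluent/fluentd-ui/issues/295 matches what the commit message describes.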
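Review bot: the removed gems/fluentd/CVE-2020-21514.yml has no patched_versions or unaffected_versions among its 18 lines and carries `notes: Never patched`, so it flagged every fluentd release. Deleting the whole file is the right way to clear that, and it matches the commit message. It would help to say in the PR description that the finding will disappear for all fluentd users because the upstream GHSA was corrected, not because a fix shipped, so that anyone tracking this CVE in scan results understands the change.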