@jasnow
Created June 21, 2023 13:50
(pre-post-processed) diff --git a/gems/actionpack/CVE-2014-7818.yml b/gems/actionpack/CVE-2014-7818.yml
diff --git a/gems/actionpack/CVE-2014-7818.yml b/gems/actionpack/CVE-2014-7818.yml
index 7b801ab..42df6ed 100644
--- a/gems/actionpack/CVE-2014-7818.yml
+++ b/gems/actionpack/CVE-2014-7818.yml
@@ -1,21 +1,73 @@
---
gem: actionpack
-framework: rails
cve: 2014-7818
ghsa: 29gr-w57f-rpfw
-url: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
-title: Arbitrary file existence disclosure in Action Pack
-date: 2014-10-30
-description: |
- Specially crafted requests can be used to determine whether a file exists on
- the filesystem that is outside the Rails application's root directory. The
- files will not be served, but attackers can determine whether or not the file
- exists.
-cvss_v2: 4.3
+url: https://github.com/advisories/GHSA-29gr-w57f-rpfw
+title: actionpack vulnerable to Path Traversal
+date: 2017-10-24
+description: Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb
+ in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before
+ 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows
+ remote attackers to determine the existence of files outside the application root
+ via a /..%2F sequence.
+cvss_v3: "<FILL IN IF AVAILABLE>"
unaffected_versions:
- - "< 3.0.0"
+- "<OPTIONAL: FILL IN SEE BELOW>"
patched_versions:
- - "~> 3.2.20"
- - "~> 4.0.11"
- - "~> 4.1.7"
- - ">= 4.2.0.beta3"
+- "~> 3.2.20"
+- "~> 4.0.11"
+- ">= 4.1.7"
+related:
+ url:
+ - url: https://nvd.nist.gov/vuln/detail/CVE-2014-7818
+ - url: https://github.com/advisories/GHSA-29gr-w57f-rpfw
+ - url: https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
+ - url: https://puppet.com/security/cve/cve-2014-7829
+ - url: http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
+
+
+# GitHub advisory data below - **Remove this data before committing**
+# Use this data to write patched_versions (and potentially unaffected_versions) above
+---
+identifiers:
+- type: GHSA
+ value: GHSA-29gr-w57f-rpfw
+- type: CVE
+ value: CVE-2014-7818
+summary: actionpack vulnerable to Path Traversal
+description: Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb
+ in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before
+ 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows
+ remote attackers to determine the existence of files outside the application root
+ via a /..%2F sequence.
+severity: MODERATE
+cvss:
+ score: 0.0
+ vectorString:
+references:
+- url: https://nvd.nist.gov/vuln/detail/CVE-2014-7818
+- url: https://github.com/advisories/GHSA-29gr-w57f-rpfw
+- url: https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
+- url: https://puppet.com/security/cve/cve-2014-7829
+- url: http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
+publishedAt: '2017-10-24T18:33:36Z'
+withdrawnAt:
+vulnerabilities:
+- package:
+ name: actionpack
+ ecosystem: RUBYGEMS
+ vulnerableVersionRange: ">= 4.1.0, < 4.1.7"
+ firstPatchedVersion:
+ identifier: 4.1.7
+- package:
+ name: actionpack
+ ecosystem: RUBYGEMS
+ vulnerableVersionRange: ">= 4.0.0, < 4.0.11"
+ firstPatchedVersion:
+ identifier: 4.0.11
+- package:
+ name: actionpack
+ ecosystem: RUBYGEMS
+ vulnerableVersionRange: ">= 3.0.0, < 3.2.20"
+ firstPatchedVersion:
+ identifier: 3.2.20
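Review bot: the new `patched_versions` is wider than the range this hunk removes and contradicts the description it adds: `>= 4.1.7` replaces both `~> 4.1.7` and `>= 4.2.0.beta3`, so 4.2.0.beta1 and 4.2.0.beta2 now count as patched even though the new description says 4.2.x before 4.2.0.beta3 is affected; the pasted GitHub data has no 4.2 range at all (its three `vulnerableVersionRange` entries stop at 4.1.x), so the two original entries should be restored rather than collapsed into one. Several other removals in this hunk look like regressions rather than corrections: `framework: rails` and `cvss_v2: 4.3` go away with no replacement (the GitHub block shows `score: 0.0` and an empty `vectorString`, so `cvss_v3: "<FILL IN IF AVAILABLE>"` must be filled from NVD or deleted, never committed as a placeholder), `date:` moves from the 2014-10-30 disclosure date to the 2017-10-24 GHSA publication date, and `unaffected_versions` trades `"< 3.0.0"` for a placeholder even though the `>= 3.0.0, < 3.2.20` range below supports keeping it. The `related:` list also carries `https://puppet.com/security/cve/cve-2014-7829`, a different CVE number from this file's, which is worth confirming before it stays. Finally, everything from the `# GitHub advisory data below` comment onward has to be stripped before committing, as that comment itself says.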
@postmodern

The fact that cvss_v2 disappeared and cvss_v3 disappeared implies the cvss score wasn't returned by GitHub.

@jasnow

jasnow commented Jun 21, 2023

> The fact that cvss_v2 disappeared and cvss_v3 disappeared implies the cvss score wasn't returned by GitHub.

OK - I usually manually check the NVD and add it if available.

@jasnow

jasnow commented Jun 21, 2023

> The fact that cvss_v2 disappeared and cvss_v3 disappeared implies the cvss score wasn't returned by GitHub.

Here is who added this:
rubysec/ruby-advisory-db@d4fc8fb
