From 0a768146c6831bdf02059683c1b2a62e7ff29cf8 Mon Sep 17 00:00:00 2001 From: Al Snow <43523+jasnow@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:40:48 -0400 Subject: [PATCH] Combine gems/spree/OSVDB-76011.yml with spree/CVE-2011-10019.yml; delete gems/spree/OSVDB-76011.yml --- gems/spree/CVE-2011-10019.yml | 6 ++++-- gems/spree/OSVDB-76011.yml | 18 ------------------ 2 files changed, 4 insertions(+), 20 deletions(-) delete mode 100644 gems/spree/OSVDB-76011.yml diff --git a/gems/spree/CVE-2011-10019.yml b/gems/spree/CVE-2011-10019.yml index e3c29689aa..c84a00306c 100644 --- a/gems/spree/CVE-2011-10019.yml +++ b/gems/spree/CVE-2011-10019.yml @@ -1,10 +1,11 @@ --- gem: spree cve: 2011-10019 +osvdb: 76011 ghsa: 97vm-c39p-jr86 -url: https://github.com/advisories/GHSA-97vm-c39p-jr86 +url: https://nvd.nist.gov/vuln/detail/CVE-2011-10019 title: Remote Command Execution in Spree search functionality -date: 2011-02-10 +date: 2011-10-05 description: | Spree versions prior to 0.60.2 contain a remote command execution vulnerability in the search functionality. The application fails to @@ -14,6 +15,7 @@ description: | authentication. cvss_v2: 9.0 cvss_v3: 9.8 +cvss_v4: 10.0 patched_versions: - ">= 0.60.2" related: diff --git a/gems/spree/OSVDB-76011.yml b/gems/spree/OSVDB-76011.yml deleted file mode 100644 index 54e4d45a06..0000000000 --- a/gems/spree/OSVDB-76011.yml +++ /dev/null 
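Review bot: Deleting gems/spree/OSVDB-76011.yml removes the only visible copy of the archived vendor advisory link, and the first hunk of CVE-2011-10019.yml also replaces the GHSA link in `url:` with the NVD one. The `related:` block that would normally keep both starts at the last context line of the second hunk and its entries lie outside the diff, so this cannot be confirmed from here. If they are not already listed, add `- https://web.archive.org/web/20121124215359/https://spreecommerce.com/blog/remote-command-product-group` and `- https://github.com/advisories/GHSA-97vm-c39p-jr86` under `related: url:`. The deleted record was also the one naming the ProductScope class and the `search[send][]` parameter, which is useful when reviewing logs for this issue, so keep that in the merged description if the lines hidden between the hunks do not already state it. The new `cvss_v4: 10.0` and the changed `date` are worth checking against the NVD record now used as `url:`.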
@@ -1,18 +0,0 @@
----
-gem: spree
-osvdb: 76011
-url: https://web.archive.org/web/20121124215359/https://spreecommerce.com/blog/remote-command-product-group
-title:
- Spree Search ProductScope Class search[send][] Parameter Arbitrary Command
- Execution
-date: 2011-10-05
-description: |
- The ProductScope class fails to properly sanitize user-supplied input via the
- 'search[send][]' parameter resulting in arbitrary command execution. With a
- specially crafted request, a remote attacker can potentially cause arbitrary
- command execution.
-patched_versions:
- - ">= 0.60.2"
-related:
- url:
- - https://web.archive.org/web/20121124215359/https://spreecommerce.com/blog/remote-command-product-group