Sha256: 1b2ee70c990660f861509e543e9a2d4cd06d918182d0dd597208460b26ed3114

Contents?: true

Size: 1.34 KB

Versions: 19

Compression:

Stored size: 1.34 KB

Contents

	module Dawn
		module Kb
			# Automatically created with rake on 2013-05-10
			class CVE_2013_0155
				include DependencyCheck

				def initialize
          message = "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694."

          super({
            :name=>"CVE-2013-0155",
            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:N",
            :release_date => Date.new(2013, 1, 13),
            :cwe=>"",
            :owasp=>"A9", 
            :applies=>["rails"],
            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
            :message=>message,
            :mitigation=>"Please upgrade rails version at least to 3.0.19, 3.1.10 and 3.2.11. As a general rule, using the latest stable rails version is recommended.",
            :aux_links=>["https://groups.google.com/d/topic/rubyonrails-security/c7jT-EeN9eI/discussion"]
          })

          self.safe_dependencies = [{:name=>"rails", :version=>['3.0.19', '3.1.10', '3.2.11']}]


				end
			end
		end
	end

Version data entries

19 entries across 19 versions & 1 rubygems

Version Path
dawnscanner-1.6.9 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.8 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.7 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.6 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.5 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.4 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.3 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.2 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.1 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.6.0 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.5.2 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.5.1 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.5.0 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.4.2 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.4.1 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.4.0 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.3.5 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.3.1 lib/dawn/kb/cve_2013_0155.rb
dawnscanner-1.3.0 lib/dawn/kb/cve_2013_0155.rb