RubygemsResearch

Sha256: 2921b5db3e5f20fed989f299197911f30a06291c218e6759be691d24fc4d36e0

Contents?: true

Size: 1.35 KB

Versions: 19

Compression:

Stored size: 1.35 KB

module Codesake
	module Dawn
		module Kb
			# Automatically created with rake on 2013-05-20
			class CVE_2013_1656
				include DependencyCheck

				def initialize
          message = "Spree Commerce 1.0.x through 1.3.2 allow remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function."


          super({
            :name=>'CVE-2013-1656', 
            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",  
            :release_date => Date.new(2013, 3, 8),
            :cwe=>"20", 
            :owasp=>"A9",
            :applies=>["rails", "sinatra", "padrino"],
            :kind => Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
            :message => message,
            :mitigation=>"Please upgrade Spree commerce rubygem",
            :aux_links => ["http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"]
          })
          self.safe_dependencies = [{:name=>"spree", :version=>['1.3.3']}]

				end
			end
		end
	end
end

Version data entries

19 entries across 19 versions & 2 rubygems

Version	Path
dawnscanner-1.2.99	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.2.99	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.2.0	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.1.3	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.1.2	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.1.1	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.1.0	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.1.0.rc2	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.1.0.rc1	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.6	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.5	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.4	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.3	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.2	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.1	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.0	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.0.rc2	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-1.0.0.rc1	lib/codesake/dawn/kb/cve_2013_1656.rb
codesake-dawn-0.85	lib/codesake/dawn/kb/cve_2013_1656.rb