Sha256: 3029f4ef09797551f29c3f73d549970fe8a5733307e5046cc00bb2023c52e70c

Contents?: true

Size: 1.09 KB

Versions: 19

Compression:

Stored size: 1.09 KB

Contents

  module Dawn
    module Kb
      class CVE_2013_1800  
        include DependencyCheck
        

        def initialize

          message = "The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156."

          super({:name=>"CVE-2013-1800", 
                :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P", 
                :release_date => Date.new(2013, 4, 9),
                :cwe=>"264",
                :owasp=>"A9", 
                :applies=>["sinatra", "padrino", "rails"],
                :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
                :message=>message,
                :mitigation=>"Please use crack gem version 0.3.2 or above. Correct your gemfile"
          })
          self.safe_dependencies = [{:name=>'crack', :version=>['0.3.2']}]
        end

      end
    end
  end

Version data entries

19 entries across 19 versions & 1 rubygems

Version Path
dawnscanner-1.6.9 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.8 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.7 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.6 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.5 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.4 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.3 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.2 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.1 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.6.0 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.5.2 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.5.1 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.5.0 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.4.2 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.4.1 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.4.0 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.3.5 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.3.1 lib/dawn/kb/cve_2013_1800.rb
dawnscanner-1.3.0 lib/dawn/kb/cve_2013_1800.rb