Sha256: 5e5d3e3aa0985d2b3e136d7eef716ce62f3c55469866ca598af7be81006417c9
Contents?: true
Size: 1.19 KB
Versions: 2
Compression:
Stored size: 1.19 KB
Contents
module Dawn
module Kb
# Automatically created with rake on 2015-07-29
class CVE_2015_3227
include DependencyCheck
def initialize
message = "The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth."
super({
:name=>"CVE-2015-3227",
:cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
:release_date => Date.new(2015, 7, 26),
:cwe=>"",
:owasp=>"A9",
:applies=>["sinatra", "padrino", "rails"],
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
:message=>message,
:mitigation=>"Please upgrade activesupport gem to latest version or at least 4.1.12 or 4.2.3. This is automatically done by upgrading your Rails environment if you are using it.",
:aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"]
})
self.safe_dependencies = [{:name=>"activesupport", :version=>['4.1.12', '4.2.3']}]
end
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| dawnscanner-1.4.0 | lib/dawn/kb/cve_2015_3227.rb |
| dawnscanner-1.3.5 | lib/dawn/kb/cve_2015_3227.rb |