Sha256: 6a6026e1e5057b860a3f448b00849af4b7d1eacd6b1fbd3132279565ebd4d7b0
Contents?: true
Size: 1.14 KB
Versions: 19
Compression:
Stored size: 1.14 KB
Contents
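module Dawn
  module Kb
    # Automatically created with rake on 2013-10-22
    #
    # Knowledge-base entry for CVE-2013-2065. It is registered as a
    # RUBY_VERSION_CHECK, so the finding depends on the Ruby interpreter in
    # use rather than on a gem or a source-code pattern. The comparison
    # itself lives in RubyVersionCheck, which is not shown in this file.
    class CVE_2013_2065
      include RubyVersionCheck

      # Builds the check metadata and declares the interpreter releases that
      # carry the fix.
      def initialize
        message = "Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised."

        # TODO: fix links and info
        # :cvss is still empty; a report built from this entry carries no
        # severity score until it is filled in from the advisory.
        super({
          :name         => "CVE-2013-2065",
          :cvss         => "",
          :release_date => Date.new(2013, 5, 14),
          :cwe          => "264",
          :owasp        => "A9",
          :applies      => ["rails", "sinatra", "padrino"],
          :kind         => Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
          :message      => message,
          # Keep this text in step with safe_rubies below (1.9.3-p426 and
          # 2.0.0-p195): the advice shown to the user must name the same
          # patchlevels the check enforces.
          :mitigation   => "Please upgrade ruby interpreter to 1.9.3-p426 or 2.0.0-p195 or latest version available",
          :aux_links    => ["https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/"]
        })

        # Fixed patchlevels per release line.
        # NOTE(review): presumably RubyVersionCheck treats these as the
        # minimum safe patchlevel for each version -- confirm in the mixin.
        self.safe_rubies = [
          { :engine => "ruby", :version => "1.9.3", :patchlevel => "p426" },
          { :engine => "ruby", :version => "2.0.0", :patchlevel => "p195" }
        ]
      end
    end
  end
end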