
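module Codesake
  module Dawn
    module Kb
      # Automatically created with rake on 2013-10-22
      #
      # Knowledge-base entry for CVE-2013-2065: native functions exposed to
      # Ruby through DL or Fiddle did not check the taint flag on the objects
      # passed in, so tainted input could reach them where a SecurityError
      # should have been raised.
      #
      # This entry is a RUBY_VERSION_CHECK: the interpreter running the
      # scanned application is compared against +safe_rubies+, the list of
      # engine/version/patchlevel triples that carry the fix (the comparison
      # itself lives in RubyVersionCheck, outside this file).
      class CVE_2013_2065
        include RubyVersionCheck

        # Fills in the advisory metadata and the list of patched interpreters.
        #
        # The patchlevels named in +:mitigation+ and in +safe_rubies+ must
        # agree: the text is what the user is told to upgrade to, the list is
        # what the check actually enforces. The original text said 1.9.3-p436
        # while the check accepted 1.9.3-p426; the check value is the one
        # kept here.
        def initialize
          message = "Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised."

          # TODO: fix links and info
          super({
            name: "CVE-2013-2065",
            cvss: "",
            release_date: Date.new(2013, 5, 14),
            cwe: "264",
            owasp: "A9",
            applies: ["rails", "sinatra", "padrino"],
            kind: Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
            message: message,
            mitigation: "Please upgrade ruby interpreter to 1.9.3-p426 or 2.0.0-p195 or latest version available",
            aux_links: ["https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/"]
          })

          # First interpreter releases per branch that include the fix;
          # anything older on the same branch is reported as vulnerable.
          self.safe_rubies = [
            { engine: "ruby", version: "1.9.3", patchlevel: "p426" },
            { engine: "ruby", version: "2.0.0", patchlevel: "p195" }
          ]
        end
      end
    end
  end
end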
