Sha256: 7f469feee35cd70c4909ca0600ce546868737baf0a64f370d2f53470779b0f61

Contents?: true

Size: 1.07 KB

Versions: 2

Compression:

Stored size: 1.07 KB

Contents

module Codesake
	module Dawn
		module Kb
			# Automatically created with rake on 2014-04-17
			class OSVDB_105971
				include DependencyCheck

				def initialize
          message = "sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands."

           super({
            :name=> "OSVDB-105971",
            :cvss=>"",
            :release_date => Date.new(2014, 4, 16),
            :cwe=>"",
            :owasp=>"A9",
            :applies=>["rack", "sinatra", "padrino", "rails"],
            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
            :message=>message,
            :mitigation=>"Please upgrade sfpagent version at least to 0.4.15. As a general rule, using the latest stable version is recommended.",
            :aux_links=>["http://seclists.org/oss-sec/2014/q2/118"]
           })
           self.safe_dependencies = [{:name=>"sfpagent", :version=>['0.4.15']}]

				end
			end
		end
	end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
codesake-dawn-1.1.3 lib/codesake/dawn/kb/osvdb_105971.rb
codesake-dawn-1.1.2 lib/codesake/dawn/kb/osvdb_105971.rb