Sha256: dc8fb1c721692c7a9b57a53746ab1b1c0e82c315a01b76b1292b48c88d76ca4f
Contents?: true
Size: 1.19 KB
Versions: 17
Compression:
Stored size: 1.19 KB
Contents
module Dawn
module Kb
# Automatically created with rake on 2015-04-04
class OSVDB_118579
# Include the testing skeleton for this Security Check
# include PatternMatchCheck
include DependencyCheck
# include RubyVersionCheck
def initialize
message = "xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is due to the function exposing sensitive information via the process table. This may allow a local attack to gain access to MySQL credential information."
super({
:name=> "OSVDB_118579",
:cve=>"2015-2179",
:osvdb=>"118579",
:cvss=>"",
:release_date => Date.new(2015, 2, 17),
:cwe=>"",
:owasp=>"A9",
:applies=>["rails"],
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
:message=>message,
:mitigation=>"We are not currently aware of a solution for this vulnerability (4 April 2015)",
:aux_links=>[""]
})
self.safe_dependencies = [{:name=>"xaviershay-dm-rails", :version=>['0.8.0']}]
end
end
end
end
Version data entries
17 entries across 17 versions & 1 rubygems