lib/checks/check_response_splitting.rb in brakeman-0.7.1 vs lib/checks/check_response_splitting.rb in brakeman-0.7.2
- old
+ new
@@ -8,10 +8,10 @@
def run_check
if version_between?('2.3.0', '2.3.13')
warn :warning_type => "Response Splitting",
- :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers. Upgrade or apply patches as needed.",
+ :message => "Versions before 2.3.14 have a vulnerability content type handling allowing injection of headers: CVE-2011-3186",
:confidence => CONFIDENCE[:med]
end
end
end
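Review bot: The added `:message` line replaces the remediation hint ("Upgrade or apply patches as needed") with the CVE id, so the warning no longer tells the reader what to do. It also still reads "a vulnerability content type handling", which is missing "in". I would keep both pieces: `:message => "Versions before 2.3.14 have a vulnerability in content type handling allowing injection of headers (CVE-2011-3186). Upgrade to 2.3.14 or later, or apply the patch.",`. Separately, the text says "before 2.3.14" while `version_between?('2.3.0', '2.3.13')` only matches 2.3.x. Whether older release lines are affected is not visible in this hunk, so either narrow the wording to "2.3.x before 2.3.14" or confirm the range against the advisory.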