dawnscanner 1.6.8 → 2.0.0.rc4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-02
|
4
|
-
class CVE_2013_1857
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence."
|
9
|
-
|
10
|
-
super({
|
11
|
-
:name=>'CVE-2013-1857',
|
12
|
-
:cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
13
|
-
:release_date => Date.new(2013, 3, 19),
|
14
|
-
:cwe=>"79",
|
15
|
-
:owasp=>"A3",
|
16
|
-
:applies=>["rails"],
|
17
|
-
:kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
-
:message => message,
|
19
|
-
:mitigation=>"Please upgrade rails version at least to 2.3.18, 3.0.8, 3.1.10 and 3.2.11. As a general rule, using the latest stable rails version is recommended.",
|
20
|
-
:aux_links => [ "https://groups.google.com/d/msg/rubyonrails-security/zAAU7vGTPvI/1vZDWXqBuXgJ" ]
|
21
|
-
})
|
22
|
-
self.safe_dependencies = [{:name=>"rails", :version=>['2.3.18', '3.0.8', '3.2.13', '3.1.12']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-17
|
4
|
-
class CVE_2013_1875
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message="command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-1875",
|
11
|
-
:cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
12
|
-
:release_date => Date.new(2013, 3, 20),
|
13
|
-
:cwe=>"94",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "sinatra", "padrino"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade command_wrap gem to a newer version",
|
19
|
-
:aux_links=>["http://seclists.org/fulldisclosure/2013/Mar/175"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"fastreader", :version=>['1.0.9']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-27
|
4
|
-
class CVE_2013_1898
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-1898",
|
11
|
-
:cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
12
|
-
:release_date => Date.new(2013, 4, 9),
|
13
|
-
:cwe=>"94",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "padrino", "sinatra"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade Thumbshooter version to the latest version available.",
|
19
|
-
:aux_links=>["http://seclists.org/fulldisclosure/2013/Mar/218"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"thumbshooter", :version=>['0.1.6']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-27
|
4
|
-
class CVE_2013_1911
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-1911",
|
11
|
-
:cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
12
|
-
:release_date => Date.new(2013, 4, 3),
|
13
|
-
:cwe=>"20",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "padrino", "sinatra"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade ldoce version to the latest version available.",
|
19
|
-
:aux_links=>["http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"ldoce", :version=>['0.0.3']}]
|
23
|
-
|
24
|
-
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-27
|
4
|
-
class CVE_2013_1933
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-1933",
|
11
|
-
:cvss=>"AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
12
|
-
:release_date => Date.new(2013, 4, 25),
|
13
|
-
:cwe=>"78",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "padrino", "sinatra"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade karteek-docsplit version to the latest version available.",
|
19
|
-
:aux_links=>["http://www.openwall.com/lists/oss-security/2013/04/08/15"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"karteek-docsplit", :version=>['0.5.5']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-27
|
4
|
-
class CVE_2013_1947
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-1947",
|
11
|
-
:cvss=>"AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
12
|
-
:release_date => Date.new(2013, 4, 25),
|
13
|
-
:cwe=>"78",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "padrino", "sinatra"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade kelredd-pruview version to the latest version available.",
|
19
|
-
:aux_links=>["http://www.openwall.com/lists/oss-security/2013/04/10/3"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"kelredd-pruview", :version=>['0.3.9']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-27
|
4
|
-
class CVE_2013_1948
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-1948",
|
11
|
-
:cvss=>"AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
12
|
-
:release_date => Date.new(2013, 4, 25),
|
13
|
-
:cwe=>"",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "padrino", "sinatra"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade md2pdf gem version to the latest version available.",
|
19
|
-
:aux_links=>["http://www.securityfocus.com/bid/59061"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"md2pdf", :version=>['0.0.2']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,29 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-10-22
|
4
|
-
class CVE_2013_2065
|
5
|
-
include RubyVersionCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised."
|
9
|
-
|
10
|
-
# TODO: fix links and info
|
11
|
-
super({
|
12
|
-
:name=>"CVE-2013-2065",
|
13
|
-
:cvss=>"",
|
14
|
-
:release_date => Date.new(2013, 5, 14),
|
15
|
-
:cwe=>"264",
|
16
|
-
:owasp=>"A9",
|
17
|
-
:applies=>["rails", "sinatra", "padrino"],
|
18
|
-
:kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
|
19
|
-
:message=>message,
|
20
|
-
:mitigation=>"Please upgrade ruby interpreter to 1.9.3-p436 or 2.0.0-p195 or latest version available",
|
21
|
-
:aux_links=>["https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/"]
|
22
|
-
})
|
23
|
-
|
24
|
-
self.safe_rubies = [{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p426"}, {:engine=>"ruby", :version=>"2.0.0", :patchlevel=>"p195"}]
|
25
|
-
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2014-01-07
|
4
|
-
class CVE_2013_2090
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-2090",
|
11
|
-
:cvss=>"",
|
12
|
-
:release_date => Date.new(2013, 5, 14),
|
13
|
-
:cwe=>"",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "sinatra", "padrino"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade cremefraiche gem version to the latest available.",
|
19
|
-
:aux_links=>["http://packetstormsecurity.com/files/cve/CVE-2013-2090"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"cremefraiche", :version=>['0.6.2']}]
|
23
|
-
|
24
|
-
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
@@ -1,26 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2014-05-12
|
4
|
-
class CVE_2013_2105
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-2105",
|
11
|
-
:cvss=>"AV:L/AC:M/AU:N/C:N/I:P/A:P",
|
12
|
-
:release_date => Date.new(2014, 4, 22),
|
13
|
-
:cwe=>"59",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["sinatra", "padrino", "rails"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade show_in_browser version at least to 0.0.4. As a general rule, using the latest stable version is recommended.",
|
19
|
-
:aux_links=>["http://xforce.iss.net/xforce/xfdb/84378"]
|
20
|
-
})
|
21
|
-
self.safe_dependencies = [{:name=>"show_in_browser", :version=>['0.0.4']}]
|
22
|
-
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2014-01-10
|
4
|
-
class CVE_2013_2119
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-2119",
|
11
|
-
:cvss=>"AV:L/AC:L/Au:N/C:P/I:P/A:P",
|
12
|
-
:release_date => Date.new(2014, 1, 3),
|
13
|
-
:cwe=>"16",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "sinatra", "padrino"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade passenger to version 3.0.21, 4.0.5 or above",
|
19
|
-
:aux_links=>["http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"passenger", :version=>['4.0.5', '3.0.21']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,26 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2014-02-07
|
4
|
-
class CVE_2013_2512
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands"
|
9
|
-
|
10
|
-
super({
|
11
|
-
:name=>"CVE-2013-2512",
|
12
|
-
:cvss=>"",
|
13
|
-
:release_date => Date.new(2013, 2, 28),
|
14
|
-
:cwe=>"",
|
15
|
-
:owasp=>"A9",
|
16
|
-
:applies=>["rails", "sinatra", "padrino"],
|
17
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
18
|
-
:message=>message,
|
19
|
-
:mitigation=>"To mitigate this vulnerability you must upgrade ftpd gem version to 0.2.2 or higher.",
|
20
|
-
:aux_links=>["http://packetstormsecurity.com/files/120618/Ruby-Gem-ftpd-0.2.1-Remote-Command-Execution.html"]
|
21
|
-
})
|
22
|
-
self.safe_dependencies = [{:name=>"ftpd", :version=>['0.2.2']}]
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
@@ -1,25 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2014-02-07
|
4
|
-
class CVE_2013_2513
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-2513",
|
11
|
-
:cvss=>"",
|
12
|
-
:release_date => Date.new(2013, 3, 4),
|
13
|
-
:cwe=>"",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "sinatra", "padrino"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"At the time of writing this, there is no solution to this vulnerability by software upgrade since latest version is still 0.6.0. You may want to sanitize your input before passing to offendend library.",
|
19
|
-
:aux_links=>["http://packetstormsecurity.com/files/120626/Flash-Tool-0.6.0-Remote-Code-Execution.html"]
|
20
|
-
})
|
21
|
-
self.safe_dependencies = [{:name=>"flash_tool", :version=>['0.6.1']}]
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
@@ -1,26 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2014-02-06
|
4
|
-
class CVE_2013_2516
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "fileutils Gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter (;). This may allow a remote attacker to potentially execute arbitrary commands."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-2516",
|
11
|
-
:cvss=>"",
|
12
|
-
:release_date => Date.new(2013, 2, 28),
|
13
|
-
:cwe=>"",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "sinatra", "padrino"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"At the time of writing this, there is no solution to this vulnerability by software upgrade since latest version is still 0.7. You may want to sanitize your input before passing to offendend library.",
|
19
|
-
:aux_links=>["http://packetstormsecurity.com/files/120579/Fileutils-Ruby-Gem-Remote-Command-Execution.html"]
|
20
|
-
})
|
21
|
-
self.safe_dependencies = [{:name=>"fileutils", :version=>['0.8']}]
|
22
|
-
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-17
|
4
|
-
class CVE_2013_2615
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-2615",
|
11
|
-
:cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
12
|
-
:release_date => Date.new(2013, 3, 20),
|
13
|
-
:cwe=>"94",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "sinatra", "padrino"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade fastreader gem to a newer version",
|
19
|
-
:aux_links=>["http://seclists.org/fulldisclosure/2013/Mar/122"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"fastreader", :version=>['1.0.9']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Dawn
|
2
|
-
module Kb
|
3
|
-
# Automatically created with rake on 2013-05-27
|
4
|
-
class CVE_2013_2616
|
5
|
-
include DependencyCheck
|
6
|
-
|
7
|
-
def initialize
|
8
|
-
message = "lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
|
9
|
-
super({
|
10
|
-
:name=>"CVE-2013-2616",
|
11
|
-
:cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
12
|
-
:release_date => Date.new(2013, 3, 20),
|
13
|
-
:cwe=>"94",
|
14
|
-
:owasp=>"A9",
|
15
|
-
:applies=>["rails", "padrino", "sinatra"],
|
16
|
-
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
|
-
:message=>message,
|
18
|
-
:mitigation=>"Please upgrade mini_magick gem version to the latest version available.",
|
19
|
-
:aux_links=>["http://seclists.org/fulldisclosure/2013/Mar/123"]
|
20
|
-
})
|
21
|
-
|
22
|
-
self.safe_dependencies = [{:name=>"mini_magick", :version=>['1.3.2']}]
|
23
|
-
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|