Class: Dawn::Kb::OSVDB_118954

# File 'lib/dawn/kb/osvdb_118954.rb', line 10

def initialize
      message = "Ruby on Rails contains a flaw that is triggered when handling a to_json call to ActiveModel::Name, which can cause an infinite loop. This may allow a remote attacker to cause a denial of service."
      super({
        :name=> "OSVDB_118954",
        :cve=>"",
        :osvdb=>"118954",
        :cvss=>"",
        :release_date => Date.new(2015, 2, 28),
        :cwe=>"",
        :owasp=>"A9",
        :applies=>["rails"],
        :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
        :message=>message,
        :mitigation=>"Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository (e.g. GIT, CVS, SVN) that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor links in the references section for more information.",
        :aux_links=>[""]
       })
      self.safe_dependencies = [{:name=>"rails", :version=>['99.99.99']}]

end

Class: Dawn::Kb::OSVDB_118954

Overview

Constant Summary

Constants included from BasicCheck

Instance Attribute Summary

Attributes included from DependencyCheck

Attributes included from BasicCheck

Instance Method Summary collapse

Methods included from DependencyCheck

Methods included from BasicCheck

Methods included from Utils

Constructor Details

#initialize ⇒ OSVDB_118954

#initialize ⇒ `OSVDB_118954`