Class: Dawn::Kb::CVE_2016_0753

Inherits:
Object
  • Object
show all
Includes:
DependencyCheck
Defined in:
lib/dawn/kb/cve_2016_0753.rb

Overview

Automatically created with rake on 2016-02-01

Constant Summary

Constants included from BasicCheck

BasicCheck::ALLOWED_FAMILIES

Instance Attribute Summary

Attributes included from DependencyCheck

#aux_mitigation_gem, #dependencies, #not_affected, #safe_dependencies, #save_major, #save_minor

Attributes included from BasicCheck

#applies, #aux_links, #check_family, #cve, #cvss, #cwe, #debug, #evidences, #fixes_version, #kind, #message, #mitigated, #name, #osvdb, #owasp, #priority, #release_date, #remediation, #ruby_version, #ruby_vulnerable_versions, #severity, #status, #target_version, #title

Instance Method Summary collapse

Methods included from DependencyCheck

#vuln?

Methods included from BasicCheck

#applies_to?, #cve_link, #cvss_score, families, #family, #family=, #lint, #mitigated?, #nvd_link, #osvdb_link, #rubysec_advisories_link

Methods included from Utils

#__debug_me_and_return, #debug_me, #debug_me_and_return_false, #debug_me_and_return_true

Constructor Details

#initializeCVE_2016_0753

Returns a new instance of CVE_2016_0753.


7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# File 'lib/dawn/kb/cve_2016_0753.rb', line 7

def initialize
      message = "There is a possible input validation circumvention vulnerability in Active Model. Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations."
       super({
        :title=>title,
        :name=> "CVE-2016-0753",
        :cve=>"2016-0753",
        :osvdb=>"",
        :cvss=>"",
        :release_date => Date.new(2016, 1, 26),
        :cwe=>"",
        :owasp=>"A9",
        :applies=>["rails", "sinatra", "padrino"],
        :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
        :message=>message,
        :mitigation=>"Please upgrade activemodel gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.",
        :aux_links=>["http://securitytracker.com/id/1034816"]
       })
      self.save_minor=true
      self.save_major=true
      self.safe_dependencies = [{:name=>"activemodel", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}]

end