class Dawn::Kb::CVE_2013_0256

Public Class Methods

new()
Calls superclass method Dawn::Kb::ComboCheck::new
# File lib/dawn/kb/cve_2013_0256.rb, line 40
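                      # Builds the knowledge-base entry for CVE-2013-0256, a cross-site scripting
                      # flaw in the darkfish.js file that RDoc writes into generated documentation,
                      # and passes it to the superclass constructor.
                      #
                      # The entry is declared as a combo check made of two sub-checks,
                      # CVE_2013_0256_a and CVE_2013_0256_b, which are defined outside this listing.
                      # NOTE(review): confirm that the version thresholds used by those sub-checks
                      # agree with the fixed releases named in :mitigation below.
                      def initialize
                        message = "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL."

                        # The previous text recommended 2.3.1 and 3.13, but the affected range in
                        # +message+ (2.3.0 through 3.12) contains 2.3.1. The fixed releases are the
                        # ones named in the advisory linked from :aux_links. Because the vulnerable
                        # script ships inside the generated HTML, upgrading the gem alone leaves
                        # already-published documentation exposed, so regeneration is called out.
                        mitigation = "Please upgrade rdoc to a fixed release (3.9.5, 3.12.1, 4.0.0.rc.2 or later) and regenerate any documentation that was built with a vulnerable version. As a general rule, using the latest stable version is recommended."

                        super({
                          :name         => "CVE-2013-0256",
                          :cvss         => "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                          :release_date => Date.new(2013, 3, 1),
                          :cwe          => "79",
                          :owasp        => "A3",
                          :applies      => ["sinatra", "padrino", "rails"],
                          :kind         => Dawn::KnowledgeBase::COMBO_CHECK,
                          :message      => message,
                          :mitigation   => mitigation,
                          :aux_links    => ["http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2"],
                          :checks       => [CVE_2013_0256_a.new, CVE_2013_0256_b.new]
                        })
                      end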