class Dawn::Kb::CVE_2015_3227

Automatically created with rake on 2015-07-29

Public Class Methods

new() click to toggle source
Calls superclass method Dawn::Kb::DependencyCheck::new
# File lib/dawn/kb/cve_2015_3227.rb, line 7
                      def initialize
message = "The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth."

super({
  :name=>"CVE-2015-3227",
  :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
  :release_date => Date.new(2015, 7, 26),
  :cwe=>"",
  :owasp=>"A9",
  :applies=>["sinatra", "padrino", "rails"],
  :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
  :message=>message,
  :mitigation=>"Please upgrade activesupport gem to latest version or at least 4.1.12 or 4.2.3. This is automatically done by upgrading your Rails environment if you are using it.",
  :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"]
 })
self.save_minor = true
self.safe_dependencies = [{:name=>"activesupport", :version=>['4.1.12', '4.2.3']}]
self.save_major = true
                      end