class Dawn::Kb::OSVDB_118579

Automatically created with rake on 2015-04-04

Public Class Methods

new() click to toggle source

include RubyVersionCheck

Calls superclass method Dawn::Kb::DependencyCheck::new
# File lib/dawn/kb/osvdb_118579.rb, line 10
                      def initialize
message = "xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is due to the function exposing sensitive information via the process table. This may allow a local attack to gain access to MySQL credential information."
super({
  :name=> "OSVDB_118579",
  :cve=>"2015-2179",
  :osvdb=>"118579",
  :cvss=>"",
  :release_date => Date.new(2015, 2, 17),
  :cwe=>"",
  :owasp=>"A9",
  :applies=>["rails"],
  :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
  :message=>message,
  :mitigation=>"We are not currently aware of a solution for this vulnerability (4 April 2015)",
  :aux_links=>[""]
 })
 self.safe_dependencies = [{:name=>"xaviershay-dm-rails", :version=>['0.8.0']}]

                      end