class Dawn::Kb::CVE_2013_1655
Public Class Methods
new()
click to toggle source
Calls superclass method
Dawn::Kb::ComboCheck::new
# File lib/dawn/kb/cve_2013_1655.rb, line 43 def initialize message = "Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"" super({ :name=>"CVE-2013-1655", :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P", :release_date => Date.new(2013, 3, 20), :cwe=>"20", :owasp=>"A9", :applies=>["rails", "sinatra", "padrino"], :kind=>Dawn::KnowledgeBase::COMBO_CHECK, :message=>message, :mitigation=>"Please upgrade puppet gem to a newer version", :aux_links=>["https://puppetlabs.com/security/cve/cve-2013-1655/"], :checks=>[CVE_2013_1655_a.new, CVE_2013_1655_b.new] }) end