class Dawn::Kb::CVE_2013_6461
Public Class Methods
new()
Calls superclass method
Dawn::Kb::ComboCheck::new
# File lib/dawn/kb/cve_2013_6461.rb, line 33
# Builds the knowledge-base entry for CVE-2013-6461 (entity expansion in
# Nokogiri on JRuby) and hands it to the ComboCheck superclass.
#
# The entry is a combo check made of two sub-checks, CVE_2013_6461_a and
# CVE_2013_6461_b. How their results are combined is decided by the
# superclass and is not visible here.
def initialize
  description = "There is an entity expansion vulnerability in Nokogiri when using JRuby. " \
                "Nokogiri users on JRuby using the native Java extension. " \
                "Attackers can send XML documents with carefully crafted entity expansion " \
                "strings which can cause the server to run out of memory and crash."

  advisory_links = ["https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA"]
  sub_checks = [CVE_2013_6461_a.new, CVE_2013_6461_b.new]

  super(
    name: "CVE-2013-6461",
    # CVSS v2 vector: network reachable, medium complexity, no authentication,
    # partial availability impact only (denial of service, no data exposure).
    cvss: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    release_date: Date.new(2013, 12, 15),
    # NOTE(review): CWE is left empty. XML entity expansion is usually filed
    # under CWE-776; confirm before filling it in, since reports may group by it.
    cwe: "",
    owasp: "A9",
    applies: ["rails", "sinatra", "padrino"],
    kind: Dawn::KnowledgeBase::COMBO_CHECK,
    message: description,
    # NOTE(review): the mitigation text names no fixed version; readers have to
    # take the patched release from the advisory in aux_links.
    mitigation: "Please upgrade nokogiri gem to a newer version",
    aux_links: advisory_links,
    checks: sub_checks
  )
end