class Dawn::Kb::CVE_2016_0753

Automatically created with rake on 2016-02-01

Public Class Methods

new() click to toggle source
Calls superclass method Dawn::Kb::DependencyCheck::new
# File lib/dawn/kb/cve_2016_0753.rb, line 7
                      def initialize
message = "There is a possible input validation circumvention vulnerability in Active Model. Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations."
 super({
  :title=>title,
  :name=> "CVE-2016-0753",
  :cve=>"2016-0753",
  :osvdb=>"",
  :cvss=>"",
  :release_date => Date.new(2016, 1, 26),
  :cwe=>"",
  :owasp=>"A9",
  :applies=>["rails", "sinatra", "padrino"],
  :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
  :message=>message,
  :mitigation=>"Please upgrade activemodel gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.",
  :aux_links=>["http://securitytracker.com/id/1034816"]
 })
self.save_minor=true
self.save_major=true
self.safe_dependencies = [{:name=>"activemodel", :version=>['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1']}]

                      end