class Dawn::Kb::CVE_2015_7579
Automatically created with rake on 2016-01-31
Public Class Methods
new()
click to toggle source
Calls superclass method
Dawn::Kb::DependencyCheck::new
# File lib/dawn/kb/cve_2015_7579.rb, line 7 def initialize message = "There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. Due to the way that Rails::Html::FullSanitizer is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's strip_tags these entities will be unescaped what may cause a XSS attack if used in combination with raw or html_safe." super({ :title=>title, :name=> "CVE-2015-7579", :cve=>"2015-7579", :osvdb=>"", :cvss=>"", :release_date => Date.new(2016, 1, 26), :cwe=>"", :owasp=>"A9", :applies=>["rails", "sinatra", "padrino"], :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, :message=>message, :mitigation=>"Please upgrade rails-html-sanitizer to version 1.0.3 or later.", :aux_links=>["http://securitytracker.com/id/1034816"] }) self.safe_dependencies = [{:name=>"rails-html-sanitizer", :version=>['1.0.3']}] self.not_affected = {:name=>"rails-html-sanitizer", :version=>['1.0.0', '1.0.1']} end