Comments (6)
thesp0nge
commented on July 23, 2024
Hi Florian thank you for the issue. I will check it.
Paolo
Il 03/gen/2014 09:50 "Florian Frank" [email protected] ha scritto:
See dawn's output here:
09:38:41 [!] dawn: Vulnerable cocaine gem version found: 0.3.2
But apparently only some versions >= 0.4 are actually vulnerable, see here:
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent
attackers to execute arbitrary commands via a crafted has object, related
to recursive variable interpolation.[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4457]
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/19
.
from dawnscanner.
thesp0nge
commented on July 23, 2024
Should be fixed now. @flori can you confirm this?
from dawnscanner.
flori
commented on July 23, 2024
No, 0.3.2 is still reported as vulnerable.
But I noticed that some of the spec files aren't run, because they're missing the _spec suffix: 389db92
from dawnscanner.
thesp0nge
commented on July 23, 2024
@flori a lame error for spec files. Now the cocaine check should be fixed. Can you please confirm this?
The bug was in the is_vulnerable_version? routine and it affects all dependency checks where the patch level was the one to make the check to be true or false.
So this fix will affect also other checks.
from dawnscanner.
flori
commented on July 23, 2024
A bit late confirmation: This works now.
from dawnscanner.
thesp0nge
commented on July 23, 2024
Great :)
Il 14/gen/2014 17:56 "Florian Frank" [email protected] ha scritto:
A bit late confirmation: This works now.
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/19#issuecomment-32283234
.
from dawnscanner.
Related Issues (20)
- Rewrite CVE_2011_0995
- Rewrite CVE_2013_0256
- Rewrite CVE_2013_6461
- Rewrite cve_2015_1840
- Fix hardcoded knowledge base path HOT 1
- ptools 1.3.6 check_bom: undefined method HOT 3
- Cannot run dawnscanner against the src code of a ruby applcation HOT 2
- `--json` outputs invalid JSON
- Issue with Ruby 3.0.0
- Uninitialized constant FileUtils HOT 1
- File.exists is removed from ruby 3.2 (was deprecated in 2.7). HOT 1
- kb.yaml signature mismatch for thesp0nge/dawnscanner_knowledge_base 1.0.0 HOT 2
- Parsing support with 'parser' gem
- Make KB path configurable
- Redesign knowledge base upgrade procedure
- Integrate CVSS gem as internal code
- Removing dawnscanner Rake tasks
- guess_mvc': can't read pyth-agent-1.4.0/Gemfile.lock (ArgumentError)
- Hackweek 2023: parse a simple sinatra application
- Hackweek 2023: allow a single file to be a good target
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dawnscanner.