
4 Execution Output

Lazaro Herrera edited this page May 28, 2017 · 8 revisions

This is the fourth page of the wiki, and will deal with the raw output of the tools used in this project.

This page has been written at the "informational" level, with the assumptions that

  1. "no commands will be executed"
  2. "no explanations will be given since they exist in the original code"

Care will be taken to provide "plain English" documentation, but this page is really just a raw dump of the tools' output. Aside from running the tools, it is recommended to search through the code (the compromised sections are clearly marked with "XXX").

bundler-audit output

```
Lazaros-MBP:darnbrokenrails lazaroherrera$ bundle-audit
Name: devise
Version: 2.2.8
Advisory: CVE-2015-8314
Criticality: Unknown
URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Solution: upgrade to >= 3.5.4

Name: mail
Version: 2.5.4
Advisory: 131677
Criticality: Unknown
URL: http://www.mbsd.jp/Whitepaper/smtpi.pdf
Title: Mail Gem for Ruby vulnerable to SMTP Injection via recipient email addresses
Solution: upgrade to >= 2.6.0

Name: paperclip
Version: 4.1.0
Advisory: CVE-2015-2963
Criticality: Medium
URL: https://robots.thoughtbot.com/paperclip-security-release
Title: Paperclip Gem for Ruby vulnerable to content type spoofing
Solution: upgrade to >= 4.2.2

Vulnerabilities found!
```
