example.finding.json
{
"name": "Remote Code Execution",
"description": "Remote Code Execution",
"detail": "Rails 3.2.12 with globbing routes is vulnerable to directory traversal and remote code execution. Patch or upgrade to 3.2.18. See http://brakemanscanner.org/docs/warning_types/remote_code_execution/",
"severity": "medium",
"confidence": "medium",
"priority": "high",
"fingerprint": "2153b4047940d99e694a7e1b7c51b3eff1ca8dee4b796cab17ad1af0763248a2",
"timestamp": "2017-09-14T16:09:39.896Z",
"source": "brakeman",
"location": "config/routes.rb",
"cvss": 3.5,
"cvss3score": 3,
"cvss3vector": "AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:U/CR:L/IR:L/AR:L/MAV:A/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N",
"references": [
"https://www.owasp.org/index.php/Path_Traversal",
"https://www.owasp.org/index.php/Command_Injection"
],
"cwes": [
"https://cwe.mitre.org/data/definitions/23.html",
"https://cwe.mitre.org/data/definitions/78.html"
],
"tags": [
"java",
"ruby"
]
}