CVE-2016-2098 incorrectly flagged for Rails 4.2.6 #197

Closed
monfresh opened this issue Mar 8, 2016 · 2 comments

monfresh commented Mar 8, 2016

This CVE was fixed in 4.2.5.2. 4.2.6 is greater than 4.2.5.2, so it should not be vulnerable. Yet, dawnscanner is reporting a vulnerability.

@thesp0nge thesp0nge added the bug label Mar 9, 2016
@thesp0nge thesp0nge modified the milestone: v1-7-0 Mar 9, 2016
@thesp0nge thesp0nge self-assigned this Mar 9, 2016
@baburdick

Also wrong for 4.1.15 (fixed in 4.1.14.2).

@MKgridSec

Hello, #205 should resolve this false positive.

thesp0nge added a commit that referenced this issue Sep 6, 2016
thesp0nge added a commit that referenced this issue Sep 6, 2016
…-Positive

Issue #197 CVE 2016 2098 False Positive
thesp0nge added a commit that referenced this issue Sep 6, 2016
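
The version logic this thread turns on, as an added example that is not part of the issue or dawnscanner's own code: a release-line-aware check built on Ruby's `Gem::Version`, using the fixed releases 4.1.14.2 and 4.2.5.2 quoted in the comments above. The `FIXED_IN` table, the helper names and the handling of release lines with no listed fix are assumptions of this example.

```ruby
require "rubygems" # Gem::Version ships with Ruby

# Fixed releases named in this thread, one per release line.
FIXED_IN = %w[4.1.14.2 4.2.5.2].map { |v| Gem::Version.new(v) }.freeze

# Release line of a version: its first two segments ("4.2" for "4.2.5.2").
def release_line(version)
  Gem::Version.new(version.segments.first(2).join("."))
end

# Returns :vulnerable or :not_vulnerable for an installed version string.
def check(installed, fixed_in = FIXED_IN)
  version = Gem::Version.new(installed)
  line = release_line(version)

  # Compare only against the fix that belongs to the same release line.
  # Gem::Version compares segment by segment as integers and pads the
  # shorter version with zeros, so 4.2.6 > 4.2.5.2 and 4.2.10 > 4.2.5.2.
  fix = fixed_in.find { |f| release_line(f) == line }
  return(version >= fix ? :not_vulnerable : :vulnerable) if fix

  # Assumption of this example: a line newer than every fixed line already
  # carries the fix; a line with no listed fix that is older never got one.
  newest_fixed_line = fixed_in.map { |f| release_line(f) }.max
  line > newest_fixed_line ? :not_vulnerable : :vulnerable
end

# Versions from the thread, then constructed boundary cases.
SAMPLES = [
  "4.2.6",    # reported in this issue
  "4.1.15",   # reported in the first reply
  "4.2.5.2",  # the fixed release itself
  "4.2.5.1",  # constructed: one patch level below the fix
  "4.2.5",    # constructed: shorter version, padded to 4.2.5.0
  "4.2.10",   # constructed: numeric, not lexical, segment comparison
  "4.1.14.1"  # constructed: below the 4.1 fix
].freeze

def report(samples = SAMPLES)
  samples.map { |v| [v, check(v)] }.to_h
end

report.each { |v, status| puts format("%-9s %s", v, status) } if __FILE__ == $PROGRAM_NAME
```
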