@@ -32,7 +32,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
:warning_type=>"Cross-Site Request Forgery",
:message=>"CSRF protection is flawed in unpatched versions of Rails #{tracker.config[:rails_version]} (CVE-2011-0447). Upgrade to 2.3.11 or apply patches as needed",
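Review bot: This message and the one in the next hunk (the 3.0.4 variant) are the same literal apart from the upgrade target, so the CVE-2011-0447 wording has to be kept in sync by hand. Building both from one string with the fixed release passed in, e.g. `"... (CVE-2011-0447). Upgrade to #{fixed_version} or apply patches as needed"`, would avoid drift. Both also interpolate `tracker.config[:rails_version]`; the guard around the call is not visible here, so it is worth confirming the value cannot be nil at this point, otherwise the warning prints an empty version. The enclosing `warn` call starts and ends outside the lines shown.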
@@ -40,7 +41,8 @@ class Brakeman::CheckForgerySetting < Brakeman::BaseCheck
:warning_type=>"Cross-Site Request Forgery",
:message=>"CSRF protection is flawed in unpatched versions of Rails #{tracker.config[:rails_version]} (CVE-2011-0447). Upgrade to 3.0.4 or apply patches as needed",
@@ -94,7 +94,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
warn:warning_type=>'SQL Injection',
:message=>'All versions of Rails before 3.0.13, 3.1.5, and 3.2.5 contain a SQL Query Generation Vulnerability: CVE-2012-2660; Upgrade to 3.2.5, 3.1.5, 3.0.13',
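Review bot: The remediation text names exact releases (`Upgrade to 3.2.5, 3.1.5, 3.0.13`), but the third CheckSQL hunk reports CVE-2012-2694 and CVE-2012-2695 against those same releases. A reader who follows this message, or the CVE-2012-2661 one in the next hunk, lands on a version that is still flagged. Stating a minimum keeps the advice from going stale, e.g. `Upgrade to 3.2.5, 3.1.5, 3.0.13 or later`. Unlike the CheckForgerySetting messages, these three also omit the detected Rails version, which would help when triaging a report. The `warn` call continues outside the lines shown.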
@@ -103,7 +104,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
warn:warning_type=>'SQL Injection',
:message=>'All versions of Rails before 3.0.13, 3.1.5, and 3.2.5 contain a SQL Injection Vulnerability: CVE-2012-2661; Upgrade to 3.2.5, 3.1.5, 3.0.13',
@@ -112,7 +114,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
warn:warning_type=>'SQL Injection',
:message=>'All versions of Rails before 3.0.14, 3.1.6, and 3.2.6 contain SQL Injection Vulnerabilities: CVE-2012-2694 and CVE-2012-2695; Upgrade to 3.2.6, 3.1.6, 3.0.14',