ID UBUNTU_USN-4560-1.NASL Type nessus Reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-10-02T00:00:00
Description
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the
USN-4560-1 advisory.
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode
parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does
escaping for XSS by default without relying on MultiJson. (CVE-2020-25739)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4560-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
# Metadata registration. When `description` is set, only the script_* calls in
# this block run and the script leaves through exit(0) at the end of the block,
# so none of the host checks further down are evaluated in that pass.
if (description)
{
# Plugin identity and revision.
script_id(141111);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/24");
# Cross-references: the CVE and the Ubuntu Security Notice the check is derived from.
script_cve_id("CVE-2020-25739");
script_xref(name:"USN", value:"4560-1");
script_name(english:"Ubuntu 18.04 LTS : Gon gem vulnerability (USN-4560-1)");
script_summary(english:"Checks the dpkg output for the updated package");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
# Advisory text shown with the finding. Its closing note matters when triaging
# results: the finding rests on the reported package version only; no functional
# test for the XSS issue is performed.
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the
USN-4560-1 advisory.
- An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode
parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does
escaping for XSS by default without relying on MultiJson. (CVE-2020-25739)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4560-1");
script_set_attribute(attribute:"solution", value:
"Update the affected ruby-gon package.");
# Risk scoring, attributed to the CVE by cvss_score_source below.
# CVSS v2 base: network vector, medium access complexity, no authentication,
# partial integrity impact only.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
# Temporal metrics: exploitability unproven (E:U), official fix available, report confirmed.
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
# CVSS v3 base: user interaction required (UI:R) and scope changed (S:C), with low
# confidentiality and integrity impact - the usual shape of a cross-site scripting score.
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25739");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
# Timeline: vulnerability disclosed, vendor patch released, plugin first published.
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/23");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/02");
# "local" plugin type: the check works from data already gathered from the host
# (see the required KB keys below) rather than by probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# Two CPE entries: the affected operating system release and the affected package.
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby-gon");
script_end_attributes();
# ACT_GATHER_INFO category - NOTE(review): presumably the information-gathering
# class of plugins; confirm against the scanner documentation.
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling prerequisites. Presumably ssh_get_info.nasl is what populates the KB
# keys required here - confirm against that plugin. Host/local_checks_enabled is
# not listed; it is tested at run time, right after the includes below this block.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
# Stop here in the registration pass; the checks below must not run.
exit(0);
}
include('audit.inc');
include('ubuntu.inc');
include('misc_func.inc');
# Pre-flight gates. Every gate that fails hands off to audit() with its own
# AUDIT_* code. audit() comes from audit.inc and is not shown here; presumably
# it ends the run, in which case the order of the gates decides which reason
# is reported.

# Gate 1: local checks must be enabled in the KB.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the host must be Ubuntu, and the release string must be exactly 18.04
# once the trailing newline is removed.
release = get_kb_item('Host/Ubuntu/release');
if (isnull(release))
{
  audit(AUDIT_OS_NOT, 'Ubuntu');
}
release = chomp(release);
if (!preg(string:release, pattern:"^(18\.04)$"))
{
  audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);
}

# Gate 3: the dpkg package listing must be present, since the package
# comparison further down depends on it.
if (!get_kb_item('Host/Debian/dpkg-l'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 4: the architecture must be known, and must either contain 'x86_64'
# or be one of i386 / i486 / i586 / i686.
cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!('x86_64' >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
}
# Package table: one entry per (Ubuntu release, package name, package version)
# handed to ubuntu_check(). This plugin carries a single entry for ruby-gon.
pkgs = [
  {
    'osver'   : '18.04',
    'pkgname' : 'ruby-gon',
    'pkgver'  : '6.1.0-1+deb9u1build0.18.04.1'
  }
];

# flag counts the entries for which ubuntu_check() returned true.
flag = 0;
foreach package_array (pkgs)
{
  # Read the three fields; a missing or empty field is normalised to NULL.
  osver = package_array['osver'];
  if (empty_or_null(osver)) osver = NULL;

  pkgname = package_array['pkgname'];
  if (empty_or_null(pkgname)) pkgname = NULL;

  pkgver = package_array['pkgver'];
  if (empty_or_null(pkgver)) pkgver = NULL;

  # An incomplete entry is skipped rather than passed on half-filled.
  if (!osver || !pkgname || !pkgver) continue;

  # ubuntu_check() is defined in ubuntu.inc (not shown). NOTE(review): presumably
  # it returns true when the installed package is older than pkgver - confirm.
  if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver))
  {
    flag += 1;
  }
}
# Outcome. flag is non-zero when at least one ubuntu_check() call returned true.
if (!flag)
{
  # Nothing was flagged. Choose the audit trail from whatever
  # ubuntu_pkg_tests_get() returns: a non-empty result is reported as
  # "package not affected", an empty one as "ruby-gon not installed".
  tested = ubuntu_pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby-gon');
  }
}
else
{
  # At least one entry was flagged: raise a warning-severity finding on
  # port 0, with the text from ubuntu_report_get() attached as detail.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
{"id": "UBUNTU_USN-4560-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 18.04 LTS : Gon gem vulnerability (USN-4560-1)", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-4560-1 advisory.\n\n - An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode\n parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does\n escaping for XSS by default without relying on MultiJson. (CVE-2020-25739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2020-10-02T00:00:00", "modified": "2020-10-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/141111", "reporter": "Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://ubuntu.com/security/notices/USN-4560-1"], "cvelist": ["CVE-2020-25739"], "type": "nessus", "lastseen": "2020-11-25T15:14:35", "edition": 2, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-25739"]}, {"type": "ubuntu", "idList": ["USN-4560-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2380-1:8A2D8"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2380.NASL"]}], "modified": "2020-11-25T15:14:35", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-11-25T15:14:35", "rev": 2}, "vulnersScore": 5.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4560-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141111);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-25739\");\n script_xref(name:\"USN\", value:\"4560-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Gon gem vulnerability (USN-4560-1)\");\n script_summary(english:\"Checks the dpkg output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-4560-1 advisory.\n\n - An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode\n parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does\n escaping for XSS by default without relying on MultiJson. 
(CVE-2020-25739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4560-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby-gon package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby-gon\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! 
get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'ruby-gon', 'pkgver': '6.1.0-1+deb9u1build0.18.04.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby-gon');\n}", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "141111", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ruby-gon", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "scheme": null}
{"cve": [{"lastseen": "2021-02-02T07:37:03", "description": "An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-09-23T14:15:00", "title": "CVE-2020-25739", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25739"], "modified": "2020-10-05T23:15:00", "cpe": ["cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-25739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25739", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-09-30T22:58:26", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25739"], "description": "It was discovered that Gon gem did not properly escape certain input. 
An \nattacker could use this vulnerability to execute a cross-site scripting \n(XSS) attack.", "edition": 1, "modified": "2020-09-30T00:00:00", "published": "2020-09-30T00:00:00", "id": "USN-4560-1", "href": "https://ubuntu.com/security/notices/USN-4560-1", "title": "Gon gem vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-10-01T00:51:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25739"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2380-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nSeptember 26, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : ruby-gon\nVersion : 6.1.0-1+deb9u1\nCVE ID : CVE-2020-25739\nDebian Bug : #970938\n\nIt was discovered that there was a cross-site scripting (XSS)\nvulnerability in ruby-gon, a Ruby library to send/convert data to\nJavascript from a Ruby application.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n6.1.0-1+deb9u1.\n\nWe recommend that you upgrade your ruby-gon packages.\n\nFor the detailed security status of ruby-gon please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/ruby-gon\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "modified": "2020-09-26T09:39:22", "published": "2020-09-26T09:39:22", "id": "DEBIAN:DLA-2380-1:8A2D8", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202009/msg00018.html", "title": "[SECURITY] [DLA 2380-1] ruby-gon security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2020-10-06T05:29:53", "description": "It was discovered that 
there was a cross-site scripting (XSS)\nvulnerability in ruby-gon, a Ruby library to send/convert data to\nJavaScript from a Ruby application.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n6.1.0-1+deb9u1.\n\nWe recommend that you upgrade your ruby-gon packages.\n\nFor the detailed security status of ruby-gon please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/ruby-gon\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 3, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-09-28T00:00:00", "title": "Debian DLA-2380-1 : ruby-gon security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25739"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby-gon", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2380.NASL", "href": "https://www.tenable.com/plugins/nessus/140806", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2380-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140806);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/05\");\n\n script_cve_id(\"CVE-2020-25739\");\n\n script_name(english:\"Debian DLA-2380-1 : ruby-gon security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was a cross-site scripting (XSS)\nvulnerability in ruby-gon, a Ruby library to send/convert data to\nJavaScript from a Ruby application.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n6.1.0-1+deb9u1.\n\nWe recommend that you upgrade your ruby-gon packages.\n\nFor the detailed security status of ruby-gon please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/ruby-gon\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/ruby-gon\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/ruby-gon\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected ruby-gon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-gon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"ruby-gon\", reference:\"6.1.0-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}