thesp0nge / dawnscanner

Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
MIT License

CVE-2016-2098 check not working (Rails 3.2.22.5 classified as "before 3.2.22.2") #223

Closed rich311 closed 5 years ago

rich311 commented 7 years ago

The CVE is for rails versions (including actionpack) before 3.2.22.2: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098

But dawn considers 3.2.22.5 evidence. See log below:

$ bundle exec dawn -z -K --disable-owasp-ror-cheatsheet .
I, [2017-01-31 17:28:40#2518]  INFO -- : dawn v1.6.5 is starting up
D, [2017-01-31 17:28:40#2518] DEBUG -- : Detected version is 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : Safe versions array is ["3.1.9999", "3.2.22.1", "4.1.14.1", "4.2.5.1", "5.0.0.beta1.1"]
D, [2017-01-31 17:28:40#2518] DEBUG -- : Excluded versions array is ["3.0.x"]. I'll mark them as not vulnerable
D, [2017-01-31 17:28:40#2518] DEBUG -- : SAVE_MINOR FLAG = true
D, [2017-01-31 17:28:40#2518] DEBUG -- : SAVE_MAJOR FLAG = true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 0, "x"] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : higher is 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 1, 9999] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_higher? a=3.1.9999, b=3.2.22.5 VER=false - BETA=true - RC=true - SAME=false - a>b? = (false)
D, [2017-01-31 17:28:40#2518] DEBUG -- : higher is 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 2, 22, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_higher? a=3.2.22.1, b=3.2.22.5 VER=false - BETA=true - RC=true - SAME=false - a>b? = (false)
D, [2017-01-31 17:28:40#2518] DEBUG -- : higher is 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 1, 14, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_higher? a=4.1.14.1, b=3.2.22.5 VER=true - BETA=true - RC=true - SAME=false - a>b? = (true)
D, [2017-01-31 17:28:40#2518] DEBUG -- : higher is 4.1.14.1
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 2, 5, 1] DVA=[4, 1, 14, 1] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_higher? a=4.2.5.1, b=4.1.14.1 VER=true - BETA=true - RC=true - SAME=false - a>b? = (true)
D, [2017-01-31 17:28:40#2518] DEBUG -- : higher is 4.2.5.1
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[5, 0, 0, 1] DVA=[4, 2, 5, 1] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_higher? a=5.0.0.beta1.1, b=4.2.5.1 VER=true - BETA=true - RC=true - SAME=false - a>b? = (true)
D, [2017-01-31 17:28:40#2518] DEBUG -- : vuln?: evaluating 3.2.22.5 against save version: 3.1.9999
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 1, 9999];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=false; ( dva[2] >= sva[2] )=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 2, 22, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 1, 14, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 2, 5, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[5, 0, 0, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 1, 9999]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 2, 22, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[4, 1, 14, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? is returning true for 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : SVA={:version=>[3, 1, 9999], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : DVA={:version=>[3, 2, 22, 5], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_aux_patch?: SV[3]=, DV[3]=5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_version? SAVE_VERSION=3.1.9999,DETECTED=3.2.22.5 -> IS_VULN_MAJOR?=false IS_VULN_MINOR?=false IS_VULN_PATCH?=true IS_VULN_AUX_PATCH=false SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 1, 9999] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 1, 9999] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 1, 9999] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : DETECTED 3.2.22.5 is marked VULN=false against 3.1.9999 ( SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true)
D, [2017-01-31 17:28:40#2518] DEBUG -- : vuln?: evaluating 3.2.22.5 against save version: 3.2.22.1
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 1, 9999];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=false; ( dva[2] >= sva[2] )=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 2, 22, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 1, 14, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 2, 5, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[5, 0, 0, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 1, 9999]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 2, 22, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[4, 1, 14, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? is returning true for 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : SVA={:version=>[3, 2, 22, 1], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : DVA={:version=>[3, 2, 22, 5], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_aux_patch?: SV[3]=1, DV[3]=5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_version? SAVE_VERSION=3.2.22.1,DETECTED=3.2.22.5 -> IS_VULN_MAJOR?=false IS_VULN_MINOR?=false IS_VULN_PATCH?=false IS_VULN_AUX_PATCH=false SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 2, 22, 1] DVA=[3, 2, 22, 5] RET=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 2, 22, 1] DVA=[3, 2, 22, 5] RET=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[3, 2, 22, 1] DVA=[3, 2, 22, 5] RET=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : DETECTED 3.2.22.5 is marked VULN=false against 3.2.22.1 ( SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true)
D, [2017-01-31 17:28:40#2518] DEBUG -- : vuln?: evaluating 3.2.22.5 against save version: 4.1.14.1
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 1, 9999];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=false; ( dva[2] >= sva[2] )=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 2, 22, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 1, 14, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 2, 5, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[5, 0, 0, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 1, 9999]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 2, 22, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[4, 1, 14, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? is returning true for 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : SVA={:version=>[4, 1, 14, 1], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : DVA={:version=>[3, 2, 22, 5], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_aux_patch?: SV[3]=1, DV[3]=5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_version? SAVE_VERSION=4.1.14.1,DETECTED=3.2.22.5 -> IS_VULN_MAJOR?=true IS_VULN_MINOR?=false IS_VULN_PATCH?=false IS_VULN_AUX_PATCH=false SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 1, 14, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 1, 14, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 1, 14, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : 3.2.22.5 has a major version vulnerable but honoring save_major_fix
D, [2017-01-31 17:28:40#2518] DEBUG -- : DETECTED 3.2.22.5 is marked VULN=false against 4.1.14.1 ( SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true)
D, [2017-01-31 17:28:40#2518] DEBUG -- : vuln?: evaluating 3.2.22.5 against save version: 4.2.5.1
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 1, 9999];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=false; ( dva[2] >= sva[2] )=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 2, 22, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 1, 14, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 2, 5, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[5, 0, 0, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 1, 9999]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 2, 22, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[4, 1, 14, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? is returning true for 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : SVA={:version=>[4, 2, 5, 1], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : DVA={:version=>[3, 2, 22, 5], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_aux_patch?: SV[3]=1, DV[3]=5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_version? SAVE_VERSION=4.2.5.1,DETECTED=3.2.22.5 -> IS_VULN_MAJOR?=true IS_VULN_MINOR?=false IS_VULN_PATCH?=false IS_VULN_AUX_PATCH=false SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 2, 5, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 2, 5, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[4, 2, 5, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : 3.2.22.5 has a major version vulnerable but honoring save_major_fix
D, [2017-01-31 17:28:40#2518] DEBUG -- : DETECTED 3.2.22.5 is marked VULN=false against 4.2.5.1 ( SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true)
D, [2017-01-31 17:28:40#2518] DEBUG -- : vuln?: evaluating 3.2.22.5 against save version: 5.0.0.beta1.1
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 1, 9999];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=false; ( dva[2] >= sva[2] )=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[3, 2, 22, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = true; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 1, 14, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[4, 2, 5, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=true; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: SVA=[5, 0, 0, 1];DVA=[3, 2, 22, 5];SAME_MAJOR? = false; SAME_MINOR?=false; ( dva[2] >= sva[2] )=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : save_minor_fix: is_there_higher_minor_version? = false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 1, 9999]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[3, 2, 22, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? DVA=[3, 2, 22, 5] - SVA=[4, 1, 14, 1]
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_there_an_higher_major_version? is returning true for 3.2.22.5
D, [2017-01-31 17:28:40#2518] DEBUG -- : SVA={:version=>[5, 0, 0, 1], :beta=>1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : DVA={:version=>[3, 2, 22, 5], :beta=>-1, :rc=>-1, :pre=>-1}
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_aux_patch?: SV[3]=1, DV[3]=5
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_vulnerable_version? SAVE_VERSION=5.0.0.beta1.1,DETECTED=3.2.22.5 -> IS_VULN_MAJOR?=true IS_VULN_MINOR?=false IS_VULN_PATCH?=false IS_VULN_AUX_PATCH=false SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[5, 0, 0, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[5, 0, 0, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? with limit=TRUE
D, [2017-01-31 17:28:40#2518] DEBUG -- : is_same_version? SVA=[5, 0, 0, 1] DVA=[3, 2, 22, 5] RET=false
D, [2017-01-31 17:28:40#2518] DEBUG -- : 3.2.22.5 has a major version vulnerable but honoring save_major_fix
D, [2017-01-31 17:28:40#2518] DEBUG -- : DETECTED 3.2.22.5 is marked VULN=false against 5.0.0.beta1.1 ( SAVE_MINOR_FIX=false SAVE_MAJOR_FIX=true)
scanning /pipeline/build
rails v3.2.22.5 detected
applying all security checks
223 security checks applied - 0 security checks skipped
1 vulnerabilities found
CVE-2016-2098 check failed

There is a possible remote code execution vulnerability in Action Pack. Applications
that pass unverified user input to the render method in a controller or a view may be vulnerable
to a code injection. 
Evidence:
    Vulnerable actionpack gem version found: 3.2.22.5

I, [2017-01-31 17:28:42#2518]  INFO -- : /home/ubuntu/dawnscanner/db/dawnscanner.db updated with scan infos
I, [2017-01-31 17:28:42#2518]  INFO -- : dawn is shutting down
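
The comparison this report expects, as an added example (not dawnscanner's own code): each entry of the safe versions array from the log is treated as the fix for its major.minor release line, and the full version, fourth segment included, is compared with Ruby's `Gem::Version`. The helper names and the fallback rule for release lines with no listed fix are assumptions.

```ruby
require "rubygems" # Gem::Version ships with Ruby

# Values copied from the debug log above.
SAFE_VERSIONS     = %w[3.1.9999 3.2.22.1 4.1.14.1 4.2.5.1 5.0.0.beta1.1].freeze
EXCLUDED_VERSIONS = %w[3.0.x].freeze

# Release line of a version string, e.g. "3.2.22.5" -> [3, 2].
def release_line(version)
  Gem::Version.new(version).segments.first(2)
end

# True when the detected version matches an exclusion pattern such as "3.0.x".
def excluded?(detected, excluded)
  excluded.any? do |pattern|
    prefix = pattern.sub(/\.x\z/, "")
    detected == prefix || detected.start_with?("#{prefix}.")
  end
end

# Hypothetical helper, not part of dawnscanner's API.
def vulnerable?(detected, safe: SAFE_VERSIONS, excluded: EXCLUDED_VERSIONS)
  return false if excluded?(detected, excluded)

  line = release_line(detected)
  fix  = safe.find { |s| release_line(s) == line }
  # A fix exists on this release line: compare every segment, so that
  # 3.2.22.5 is recognised as newer than 3.2.22.1.
  return Gem::Version.new(detected) < Gem::Version.new(fix) if fix

  # Assumed fallback: with no fix on this line, the version is vulnerable
  # only if a newer release line needed a patch.
  safe.any? { |s| (release_line(s) <=> line) == 1 }
end

puts "3.2.22.5 vulnerable? #{vulnerable?('3.2.22.5')}"
puts "3.2.22   vulnerable? #{vulnerable?('3.2.22')}"
```

`Gem::Version` also orders pre-releases correctly, so `5.0.0.beta1` sorts below the `5.0.0.beta1.1` fix while the final `5.0.0` sorts above it.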