Vulnerability Information
Vulnerability
N/A
Vulnerability Information
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
Vulnerability Information
N/A
Vulnerability
N/A
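Vulnerability
Ruby multi_xml Remote Arbitrary Command Execution Vulnerability
Vulnerability Information
A vulnerability exists in multi_xml gem 0.5.2 for Ruby, as used in Grape version 0.2.6 and possibly other products. It stems from the program not properly restricting type conversion of string values. Remote attackers can exploit it through YAML type conversion or Symbol type conversion to carry out object-injection attacks and execute arbitrary code, or to cause a denial of service (memory and CPU exhaustion) related to nested XML entity references.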
Vulnerability Information
N/A
Vulnerability
N/A