Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gollum和gollum-lib 安全漏洞
Vulnerability Description
Gollum是一套基于Git(分布式版本控制系统)的维基(wiki)系统。gollum-lib是一个基于Ruby的允许检索、写入或格式化维基系统内容的API接口。 Gollum 3.1.1之前的版本中的gollum-grit_adapter Ruby gem dependency和gollum-lib 4.0.1之前的版本中的gollum-lib gem dependency存在安全漏洞。远程攻击者可借助-O或 --open-files-in-pager旗标利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A