Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
harrystech Dynosaur-Rails application_controller.rb basic_auth improper authentication
Vulnerability Description
A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
Dynosaur-Rails 授权问题漏洞
Vulnerability Description
Dynosaur-Rails是Dynosaur的Web管理界面。 harrystech Dynosaur-Rails存在授权问题漏洞,该漏洞源于文件app/controllers/application_controller.rb的函数basic_auth存在问题,会导致不正确的身份验证。
CVSS Information
N/A
Vulnerability Type
N/A