Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection Vulnerability in Mechanize
Vulnerability Description
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Sparkle Motion Mechanize 操作系统命令注入漏洞
Vulnerability Description
Sparkle Motion Mechanize是Sparkle Motion组织的一个基于Ruby用于支持Web进行自动化交互的代码库。 Mechanize 存在操作系统命令注入漏洞,该漏洞允许使用几个类的方法注入操作系统命令,这些方法隐式地使用了Ruby的内核。
CVSS Information
N/A
Vulnerability Type
N/A