Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Geokit Rails 代码问题漏洞
Vulnerability Description
Geokit Rails是Geokit开源的一个 Rails/ActiveRecord 的官方 Geokit 插件。 Geokit Rails 2.5.0 之前版本存在安全漏洞,该漏洞源于由于geo_location cookie 中的 YAML 反序列化不安全,容易受到命令注入攻击,攻击者可以利用此漏洞在主机系统上执行命令。
CVSS Information
N/A
Vulnerability Type
N/A