Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Possible unsafe reflection / partial denial of service in avo
Vulnerability Description
Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Avo 输入验证错误漏洞
Vulnerability Description
Avo是Avo开源的一个开源的 ruby on rails 管理面板创建框架。 Avo 2.33.2版本、3.0.0.pre12版本存在输入验证错误漏洞,该漏洞源于用户在使用多态字段类型存储输入并更新记录类时,不会在后端验证,这可能导致远程代码执行、应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A