Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflex arbitrary method call in stimulus_reflex
Vulnerability Description
stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: `\"target\":\"[class_name]#[method_name]\",\"args\":[]`. The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments. This is problematic as `reflex.method method_name` can be more methods that those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should: see the backing GHSA advisory for mitigation advice.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用外部可控制的输入来选择类或代码(不安全的反射)
Vulnerability Title
StimulusReflex 安全漏洞
Vulnerability Description
StimulusReflex是一个通过拦截用户交互并通过实时 Websocket 将其传递给 Rails 来扩展 Rails 和 Stimulus 功能的系统。 StimulusReflex 3.4.1及之前版本,3.5.0.rc3及之前版本存在安全漏洞,该漏洞源于允许在reflex实例上调用任意方法,包括一些不安全方法。
CVSS Information
N/A
Vulnerability Type
N/A