Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elektra vulnerable to remote code execution in universal search
Vulnerability Description
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Elektra 安全漏洞
Vulnerability Description
Elektra是SAP Converged Cloud开源的一个 Openstack 仪表板。使 Openstack 更易于用户访问。 Elektra存在安全漏洞,该漏洞源于存在代码注入漏洞,经过身份验证的用户可以制作包含Ruby代码的搜索词执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A