Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RequestStore has Incorrect Default Permissions
Vulnerability Description
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
RequestStore 安全漏洞
Vulnerability Description
RequestStore是Steve Klabnik个人开发者的一个工具。 RequestStore 1.3.2版本存在安全漏洞。攻击者利用该漏洞可以执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A