Headline

GHSA-7xvc-v44j-46fh: geokit-rails Command Injection vulnerability

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the ‘geo_location’ cookie. This issue can be exploited remotely via a malicious cookie value.

Note:

An attacker can use this vulnerability to execute commands on the host system.

1 year ago

ghsa

Open in Source

#vulnerability #git

geokit-rails Command Injection vulnerability

High severity GitHub Reviewed Published Oct 6, 2023 to the GitHub Advisory Database • Updated Oct 6, 2023

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system.

1 year ago

CVE

Open in Source

#vulnerability #web #mac #apple #git #intel #ssh #ruby #firefox