CVE-2023-26153

Exploit

EPSS 0.27%
Veröffentlicht 06.10.2023 05:15:52
Zuletzt bearbeitet 21.11.2024 07:50:53
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value.

**Note:**

 An attacker can use this vulnerability to execute commands on the host system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Geokit ≫ Geokit-rails SwPlatformrails Version < 2.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.498

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
report@snyk.io	8.3	3.9	3.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://gist.github.com/CalumHutton/b7aa1c2e71c8d4386463ac14f686901d

Third Party Advisory

Exploit

https://github.com/geokit/geokit-rails/blob/master/lib/geokit-rails/ip_geocode_lookup.rb%23L37

Broken Link

https://github.com/geokit/geokit-rails/commit/7ffc5813e57f6f417987043e1039925fd0865c43

Patch

https://github.com/geokit/geokit-rails/commit/a93dfe49fb9aeae7164e2f8c4041450a04b5482f

Patch

https://security.snyk.io/vuln/SNYK-RUBY-GEOKITRAILS-5920323

Patch

Third Party Advisory