Lucene search
PRIOn knowledge basePRION:CVE-2023-34102HistoryJun 05, 2023 - 11:15 p.m.
Input validation
2023-06-0523:15:00
PRIOn knowledge base
www.prio-n.com
2
open source
ruby on rails
admin panel
polymorphic field
remote code execution
commit
security update
untrusted users
application crashes
Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit ec117882d which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made.
| CPE | Name | Operator | Version |
|---|---|---|---|
| avo | le | 2.33.2 | |
| avo | eq | 3.0.0 pre12 |
Related
cvelist
cvelist
CVE-2023-34102 Possible unsafe reflection / partial denial of service in avo
2023-06-05 22:16:43
osv
osv
avo possible unsafe reflection / partial DoS vulnerability
2023-06-06 16:46:57
CVE-2023-34102
2023-06-05 23:15:12
github
github
avo possible unsafe reflection / partial DoS vulnerability
2023-06-06 16:46:57
cve
cve
CVE-2023-34102
2023-06-05 23:15:12
nvd
nvd
CVE-2023-34102
2023-06-05 23:15:12
veracode
veracode
Improper Input Validation
2023-06-09 07:25:28