3 matches found
CVE-2023-26033
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...
CVE-2023-26033
Gentoo soko (packages.gentoo.org) is vulnerable to SQL injection in versions prior to 1.0.1, exploitable via the Recently Visited Packages search_history cookie. Attackers can alter the cookie (base64-encoded comma list of atoms) to inject SQL into atom = '%s' queries, potentially wiping or alter...
CVE-2023-26033 Gentoo soko contains DoS attack based on SQL Injection
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...