5 matches found
CVE-2024-28121
stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...
StimulusReflex 3.5.0 Arbitrary Code Execution
StimulusReflex CVE-2024-28121 Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10. Vulnerable code excerpt stimulusreflex/lib/stimulusreflex/reflex.rb Invoke the reflex action specified by name and run all callbacks def processname...
StimulusReflex 3.5.0 Arbitrary Code Execution Exploit
StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability. StimulusReflex CVE-2024-28121 Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10. Vulnerable code...
CVE-2024-28121
creationtimestamp| type| source ---|---|--- 2024-03-12 21:22:12+00:00| seen| https://t.me/ctinow/206165 2024-03-12 21:26:43+00:00| seen| https://t.me/ctinow/206177 2024-03-13 21:07:20+00:00| seen| https://t.me/ctinow/207158...
CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex
stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...