12 matches found
EUVD-2023-2692
Malicious code in bioql PyPI...
CVE-2023-26153
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
Command Injection
Geokit-rails is vulnerable to Command Injection. The vulnerability is due to unsafe deserialization of YAML within the geolocation cookie. This issue can be exploited remotely via a malicious cookie value...
CVE-2023-26153
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
Command injection
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
CVE-2023-26153
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
CVE-2023-26153
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
CVE-2023-26153
CVE-2023-26153 affects geokit-rails before 2.5.0. Root cause: unsafe YAML deserialization in the geo_location cookie, enabling remote command execution via a forged cookie. This is a cookie‑level, client-supplied input issue that can be exploited to execute commands on the host. Documented impact...
Geokit Rails Code Issue Vulnerability
Geokit Rails is Geokit open source an official Geokit plugin for Rails/ActiveRecord . A security vulnerability exists in Geokit Rails versions prior to 2.5.0, which stems from a command injection attack due to insecure YAML deserialization in the geolocation cookie, which can be exploited by an...
geokit-rails Command Injection vulnerability
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
PT-2023-20532 · Unknown · Geokit-Rails
Name of the Vulnerable Software and Affected Versions: geokit-rails versions prior to 2.5.0 Description: The issue is related to Command Injection due to unsafe deserialization of YAML within the geo location cookie. This can be exploited remotely via a malicious cookie value, allowing an attacke...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the host...