2 matches found
CVE-2023-26153
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
Geokit Rails Code Issue Vulnerability
Geokit Rails is Geokit open source an official Geokit plugin for Rails/ActiveRecord . A security vulnerability exists in Geokit Rails versions prior to 2.5.0, which stems from a command injection attack due to insecure YAML deserialization in the geolocation cookie, which can be exploited by an...