4 matches found
CVE-2024-39906
A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...
CVE-2024-39906
A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...
CVE-2024-39906
The CVE-2024-39906 vulnerability affects the Haven blog web application (Ruby on Rails) via its IndieAuth functionality. A logged-in administrator can be forced to click a crafted link that executes arbitrary commands on the server, enabling Remote Code Execution (RCE). The root cause is a comman...
PT-2024-28724 · Unknown +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Haven blog web application affected versions not specified Description: A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires...