Geokit

geokit

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Geokit Rails

geokit-rails

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-26153 1Geokit 1Geokit Rails Nov 21, 2024 Oct 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie va...Show more Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the host system.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-26153

1Geokit

1Geokit Rails

Nov 21, 2024

Oct 6, 2023

N/A· v4

9.8 CRITICAL· v3

N/A· v2

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie va...Show more