Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the ‘geo_location’ cookie. This issue can be exploited remotely via a malicious cookie value.


An attacker can use this vulnerability to execute commands on the host system.

Source: CVE-2023-26153
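One way to read a YAML-encoded cookie as data only, shown as an added example; it is not geokit-rails' own code or its 2.5.0 fix. The key names, size limit and sample values are assumptions made for illustration.

```ruby
require "yaml"

# Hypothetical allow-list of keys the application expects in the cookie.
ALLOWED_KEYS = %w[lat lng city country_code].freeze
MAX_COOKIE_BYTES = 1024 # assumed upper bound for a geolocation cookie

# Constructed sample values (not taken from the advisory).
SAMPLE_PLAIN  = "lat: 37.77\nlng: -122.41\ncity: San Francisco\nextra: [1, 2]\n"
SAMPLE_TAGGED = "--- !ruby/object:Object {}\n" # inert object tag

# Parse the cookie as data only: no Ruby objects, no symbols, no aliases.
# Returns a Hash limited to allowed scalar fields, or nil when rejected.
def parse_geo_cookie(raw)
  return nil unless raw.is_a?(String) && raw.bytesize <= MAX_COOKIE_BYTES
  data = YAML.safe_load(raw, permitted_classes: [], aliases: false)
  return nil unless data.is_a?(Hash)
  data.select do |key, value|
    ALLOWED_KEYS.include?(key) && (value.is_a?(String) || value.is_a?(Numeric))
  end
rescue Psych::Exception
  nil # syntax error, disallowed class or alias: treat as no cookie
end

# Detection helper: list explicit YAML tags in a value without building
# any objects, so a rejected cookie can be logged with a reason.
def yaml_tags(raw)
  doc = Psych.parse(raw)
  return [] unless doc
  doc.each.map(&:tag).compact.uniq
rescue Psych::SyntaxError
  []
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_PLAIN, SAMPLE_TAGGED].each do |cookie|
    puts "parsed=#{parse_geo_cookie(cookie).inspect} tags=#{yaml_tags(cookie).inspect}"
  end
end
```

A cookie that carries any explicit tag is worth logging and alerting on, since a legitimate geolocation value needs only plain strings and numbers.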
