VYPR
Critical severityNVD Advisory· Published Oct 6, 2023· Updated Sep 19, 2024

CVE-2023-26153

CVE-2023-26153

Description

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the host system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
geokit-railsRubyGems
< 2.5.02.5.0

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.