Vulnerability Details : CVE-2023-26153
Potential exploit
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value.
**Note:**
An attacker can use this vulnerability to execute commands on the host system.
Products affected by CVE-2023-26153
- cpe:2.3:a:geokit:geokit-rails:*:*:*:*:*:rails:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26153
0.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-26153
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
8.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
3.9
|
3.7
|
Snyk |
CWE ids for CVE-2023-26153
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-26153
-
https://gist.github.com/CalumHutton/b7aa1c2e71c8d4386463ac14f686901d
geokit-rails v2.3.2 Unsafe Deserialisation · GitHubExploit;Third Party Advisory
-
https://github.com/geokit/geokit-rails/blob/master/lib/geokit-rails/ip_geocode_lookup.rb%23L37
File not found · GitHubBroken Link
-
https://github.com/geokit/geokit-rails/commit/7ffc5813e57f6f417987043e1039925fd0865c43
Merge pull request #159 from geokit/tests2023 · geokit/geokit-rails@7ffc581 · GitHubPatch
-
https://github.com/geokit/geokit-rails/commit/a93dfe49fb9aeae7164e2f8c4041450a04b5482f
Re-enabled and fixed up tests and removed YAML support. · geokit/geokit-rails@a93dfe4 · GitHubPatch
-
https://security.snyk.io/vuln/SNYK-RUBY-GEOKITRAILS-5920323
Command Injection in geokit-rails | CVE-2023-26153 | SnykExploit;Patch;Third Party Advisory
Jump to