diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26153.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26153.json
new file mode 100644
index 00000000000..6b704304f17
--- /dev/null
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26153.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-26153",
+ "sourceIdentifier": "report@snyk.io",
+ "published": "2023-10-06T05:15:52.803",
+ "lastModified": "2023-10-06T05:15:52.803",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value.\r\r**Note:**\r\r An attacker can use this vulnerability to execute commands on the host system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "report@snyk.io",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gist.github.com/CalumHutton/b7aa1c2e71c8d4386463ac14f686901d",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://github.com/geokit/geokit-rails/blob/master/lib/geokit-rails/ip_geocode_lookup.rb%23L37",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://github.com/geokit/geokit-rails/commit/7ffc5813e57f6f417987043e1039925fd0865c43",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://github.com/geokit/geokit-rails/commit/a93dfe49fb9aeae7164e2f8c4041450a04b5482f",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-RUBY-GEOKITRAILS-5920323",
+ "source": "report@snyk.io"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 05076a7abdb..68e94497502 100644
--- a/README.md
+++ b/README.md
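Review bot: In `CVE-2023-26153.json` the second `references` entry carries a percent-encoded fragment (`ip_geocode_lookup.rb%23L37`), so the link resolves to a path ending in a literal `#L37` instead of line 37 of the file; it should read `"url": "https://github.com/geokit/geokit-rails/blob/master/lib/geokit-rails/ip_geocode_lookup.rb#L37"`. Because that link targets `master` rather than a commit, the line it points at may no longer be the code the advisory refers to. The `cvssData` vector rates confidentiality, integrity and availability impact as `LOW` while the description states that an attacker can execute commands on the host, so the 8.3 base score may understate the impact. With `vulnStatus` still `Received` and the only metric a `Secondary` one from the reporting source, consumers should prioritise on the description (geokit-rails before 2.5.0, YAML deserialisation of the `geo_location` cookie) rather than on the score alone. The `value` string also keeps raw `\r\r**Note:**\r\r` markup, which plain-text consumers will show as control characters.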
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-06T04:00:24.498090+00:00 +2023-10-06T06:00:26.330359+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-06T03:15:10.647000+00:00 +2023-10-06T05:15:52.803000+00:00 ``` ### Last Data Feed Release @@ -29,24 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227084 +227085 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `1` +* [CVE-2023-26153](CVE-2023/CVE-2023-261xx/CVE-2023-26153.json) (`2023-10-06T05:15:52.803`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `0` -* [CVE-2023-41335](CVE-2023/CVE-2023-413xx/CVE-2023-41335.json) (`2023-10-06T03:15:10.263`) -* [CVE-2023-42453](CVE-2023/CVE-2023-424xx/CVE-2023-42453.json) (`2023-10-06T03:15:10.367`) -* [CVE-2023-42464](CVE-2023/CVE-2023-424xx/CVE-2023-42464.json) (`2023-10-06T03:15:10.460`) -* [CVE-2023-42822](CVE-2023/CVE-2023-428xx/CVE-2023-42822.json) (`2023-10-06T03:15:10.543`) -* [CVE-2023-44488](CVE-2023/CVE-2023-444xx/CVE-2023-44488.json) (`2023-10-06T03:15:10.647`) ## Download and Usage