Auto-Update: 2023-10-06T06:00:26.330359+00:00

2025-07-11 16:13:34 +00:00 · 2023-10-06 06:00:29 +00:00 · 2023-10-06 06:00:29 +00:00 · 3e7658d5c2
commit 3e7658d5c2
parent e1caebcd20
2 changed files with 65 additions and 10 deletions
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26153.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26153.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-26153",
+  "sourceIdentifier": "report@snyk.io",
+  "published": "2023-10-06T05:15:52.803",
+  "lastModified": "2023-10-06T05:15:52.803",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value.\r\r**Note:**\r\r An attacker can use this vulnerability to execute commands on the host system."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "report@snyk.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 8.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://gist.github.com/CalumHutton/b7aa1c2e71c8d4386463ac14f686901d",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/geokit/geokit-rails/blob/master/lib/geokit-rails/ip_geocode_lookup.rb%23L37",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/geokit/geokit-rails/commit/7ffc5813e57f6f417987043e1039925fd0865c43",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://github.com/geokit/geokit-rails/commit/a93dfe49fb9aeae7164e2f8c4041450a04b5482f",
+      "source": "report@snyk.io"
+    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-RUBY-GEOKITRAILS-5920323",
+      "source": "report@snyk.io"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-06T04:00:24.498090+00:00
+2023-10-06T06:00:26.330359+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-06T03:15:10.647000+00:00
+2023-10-06T05:15:52.803000+00:00
 ```

 ### Last Data Feed Release
@ -29,24 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-227084
+227085
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `1`

+* [CVE-2023-26153](CVE-2023/CVE-2023-261xx/CVE-2023-26153.json) (`2023-10-06T05:15:52.803`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `5`
+Recently modified CVEs: `0`

-* [CVE-2023-41335](CVE-2023/CVE-2023-413xx/CVE-2023-41335.json) (`2023-10-06T03:15:10.263`)
-* [CVE-2023-42453](CVE-2023/CVE-2023-424xx/CVE-2023-42453.json) (`2023-10-06T03:15:10.367`)
-* [CVE-2023-42464](CVE-2023/CVE-2023-424xx/CVE-2023-42464.json) (`2023-10-06T03:15:10.460`)
-* [CVE-2023-42822](CVE-2023/CVE-2023-428xx/CVE-2023-42822.json) (`2023-10-06T03:15:10.543`)
-* [CVE-2023-44488](CVE-2023/CVE-2023-444xx/CVE-2023-44488.json) (`2023-10-06T03:15:10.647`)


 ## Download and Usage