You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an eval sink which executes the code.
Impact
A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an
evalsink which executes the code.Patches
Fixed in commit 8bce00b
Workarounds
no workarounds required. Already fixed.
References
49aea3b
8bce00b
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H/E:X/RL:O/RC:C&version=3.1
This vulnerability was discovered with the help of CodeQL's Code injection query.