PT-2021-20949 · Narou · Narou

Ryotak

Published

2021-06-28

Updated

2021-07-02

CVE-2021-35514

CVSS v3.1

8.5

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Narou (aka Narou.rb) versions prior to 3.8.0

Description: The issue allows Ruby Code Injection via the title name or author name of a novel.

Recommendations: For versions prior to 3.8.0, update to version 3.8.0 or later to resolve the issue.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2021-35514

GHSA-GWRJ-88FP-5M36

Narou