uclibs / ucrate

Scholar@UC: University of Cincinnati's self-submission institutional repository
https://scholar.uc.edu
Other

Contact Form Command Injection Vulnerability: Medium Severity #939

Closed bsp3ars closed 2 years ago

bsp3ars commented 3 years ago

Descriptive summary

Brakeman found a vulnerability with File: app/controllers/hyrax/contact_form_controller.rb on line 39

Brakeman Message:

Confidence: Medium
Category: Command Injection
Check: Execute
Message: Possible command injection
Code: curl "https://www.google.com/recaptcha/api/siteverify?secret=#{key}&response=#{response}"
File: app/controllers/hyrax/contact_form_controller.rb
Line: 39
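
An added example, not code from the ucrate repository: it shows why Brakeman's Execute check flags the interpolated `curl` string reported above, next to a shell-free replacement that sends the same two parameters with `Net::HTTP`. The method names and sample values are constructed for illustration, and how the controller actually invokes the command is not shown on this page.

```ruby
require "json"
require "net/http"
require "shellwords"
require "uri"

SITEVERIFY = URI("https://www.google.com/recaptcha/api/siteverify")

# Constructed sample values (not real keys or tokens).
KEY     = "constructed-secret"
BENIGN  = "constructed-token"
CRAFTED = %(x" ; echo constructed ; ") # form field carrying a double quote

# The command string Brakeman flagged. Built here, never executed.
def flagged_command(key, response)
  %(curl "#{SITEVERIFY}?secret=#{key}&response=#{response}")
end

# Number of words a POSIX-style split sees in the command string.
# Anything other than 2 (curl plus one URL) means input left the quotes.
def word_count(command)
  Shellwords.split(command).length
end

# Hardened form: no shell involved, values travel as a form-encoded POST body.
def siteverify_request(key, response)
  req = Net::HTTP::Post.new(SITEVERIFY)
  req.set_form_data("secret" => key, "response" => response)
  req
end

# Sends the request and reads the "success" field of the JSON reply.
# Not called in this example, so the file runs offline.
def verify(key, response)
  res = Net::HTTP.start(SITEVERIFY.host, SITEVERIFY.port, use_ssl: true) do |http|
    http.request(siteverify_request(key, response))
  end
  JSON.parse(res.body)["success"] == true
end

puts word_count(flagged_command(KEY, BENIGN))   # one URL argument
puts word_count(flagged_command(KEY, CRAFTED))  # extra words after the URL
puts siteverify_request(KEY, CRAFTED).body      # quote and ';' percent-encoded
```

Sending the secret in the POST body also keeps it out of the process argument list, where a `curl` command line would expose it to other local users.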