What is CVE-2023-34102?

CVE-2023-34102 is a high-severity vulnerability in Avo-hq Avo, classified under Improper Input Validation. CVSS score: 8.3/10. Published 2023-06-05.

How severe is CVE-2023-34102?

High severity. CVSS v3 base score is 8.3 out of 10.

Improper input validation in Avo-hq Avo

CVE-2023-34102

Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.077 (92.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H.

Affected products

Avo-hq Avo — versions <= 2.33.2, >= 3.0.0.pre1, <= 3.0.0.pre12

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

https://github.com/avo-hq/avo/security/advisories/GHSA-86h2-2g4g-29qx (x_refsource_CONFIRM)
https://github.com/avo-hq/avo/commit/ec117882ddb1b519481bdd046dc3cfa4474e6e17 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-34102?: CVE-2023-34102 is a high-severity vulnerability in Avo-hq Avo, classified under Improper Input Validation. CVSS score: 8.3/10. Published 2023-06-05.
How severe is CVE-2023-34102?: High severity. CVSS v3 base score is 8.3 out of 10.