Sha256: 415ddc267a38dbfbec15a5731f1896b7c1eca344e9def93d99f8b8f033642d80

Contents?: true

Size: 748 Bytes

Versions: 3

Compression:

Stored size: 748 Bytes

Contents

---
gem: rails_admin
cve: 2016-10522
date: 2016-12-21
url: https://www.sourceclear.com/blog/Rails_admin-Vulnerability-Disclosure/
title: CSRF vulnerability in rails_admin
description: |
  The rails_admin gem is vulnerable to cross-site request forgery (CSRF) attacks.
  Due to a bug, non-GET methods were not validating CSRF tokens and, as a result,
  an attacker could hypothetically gain access to the application administrative
  endpoints exposed by the gem.

cvss_v2: 5.5
unaffected_versions:
- "< 1.0.0"
patched_versions:
- ">= 1.1.1"
related:
  url:
    - https://www.sourceclear.com/registry/security/cross-site-request-forgery-csrf-/ruby/sid-3173
    - https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a

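The description above says the bug was that non-GET requests reached rails_admin's endpoints without the CSRF token being checked. The following stand-alone Ruby model is added here to show what that means in practice; it is not rails_admin's code, not the patch in the linked commit, and not Rails' ActionController::RequestForgeryProtection. The class AdminEndpoint, the paths under /admin/user, the session key _csrf_token and the request hash shape are all assumptions made for the illustration. The same handler is run with token verification off (modelling the vulnerable behaviour) and on (modelling the fix), against a forged cross-site form submission that rides on the victim's session cookie.

```ruby
require "securerandom"

# Added illustration of the bug class in the advisory: a request handler that
# only checks CSRF tokens when told to. Stand-alone model, not rails_admin's
# code or Rails' ActionController::RequestForgeryProtection (assumption).
class AdminEndpoint
  # Methods that must not change state and so need no token (GET and HEAD,
  # matching the advisory's "non-GET" wording).
  SAFE_METHODS = %w[GET HEAD].freeze

  attr_reader :deleted # ids that a DELETE actually removed

  # verify_csrf: false models the pre-1.1.1 behaviour, true models the fix.
  def initialize(verify_csrf:)
    @verify_csrf = verify_csrf
    @deleted = []
  end

  # Server-side per-session secret that the legitimate admin UI embeds in its
  # forms and XHR headers.
  def self.issue_token(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # session: the victim's server-side session (the browser attaches the session
  # cookie to cross-site form posts too); request: { method:, path:, params:, headers: }.
  def call(session, request)
    method = effective_method(request)
    if @verify_csrf && !SAFE_METHODS.include?(method)
      return [422, "invalid authenticity token"] unless valid_token?(session, request)
    end
    dispatch(method, request[:path])
  end

  private

  # Rails-style _method override: an HTML form can only POST, so a cross-site
  # attacker reaches DELETE/PUT routes by posting _method=delete.
  def effective_method(request)
    override = request[:params]["_method"]
    override ? override.upcase : request[:method]
  end

  def valid_token?(session, request)
    expected  = session[:_csrf_token]
    presented = request[:params]["authenticity_token"] || request[:headers]["X-CSRF-Token"]
    return false if expected.nil? || presented.nil?
    secure_equal?(expected, presented)
  end

  # Constant-time comparison so the token cannot be recovered byte by byte via timing.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def dispatch(method, path)
    case [method, path]
    when ["GET", "/admin/user"]
      [200, "user list"]
    when ["DELETE", "/admin/user/1"]
      @deleted << 1
      [200, "user 1 deleted"]
    else
      [404, "not found"]
    end
  end
end

# Constructed scenario: the victim is logged in (has a session); the attacker's
# page auto-submits a form to the admin route with no authenticity token.
VICTIM_SESSION = {}
AdminEndpoint.issue_token(VICTIM_SESSION)
FORGED = { method: "POST", path: "/admin/user/1",
           params: { "_method" => "delete" }, headers: {} }.freeze

if __FILE__ == $0
  vulnerable = AdminEndpoint.new(verify_csrf: false)
  puts "vulnerable: #{vulnerable.call(VICTIM_SESSION, FORGED).inspect}" # [200, "user 1 deleted"]
  hardened = AdminEndpoint.new(verify_csrf: true)
  puts "hardened:   #{hardened.call(VICTIM_SESSION, FORGED).inspect}"  # [422, "invalid authenticity token"]
end
```

The check on a real Rails app additionally masks the token per response and accepts the token from either the form field or the X-CSRF-Token header; the essential property is the one modelled here: every state-changing method must present a secret the attacker's origin cannot read.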
Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rails_admin/CVE-2016-10522.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/rails_admin/CVE-2016-10522.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/rails_admin/CVE-2016-10522.yml
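The entries above are copies of this advisory as shipped inside the bundler-audit gem's bundled ruby-advisory-db. The Ruby script below, added here as an example (it is not bundler-audit's implementation), shows how such a record is consumed: the version ranges are turned into Gem::Requirement objects and a locked gem version is vulnerable when neither an unaffected_versions nor a patched_versions range covers it. The inline advisory YAML is a trimmed copy of the record above, the Gemfile.lock text is constructed for the example, and the Advisory struct, locked_versions and audit helpers are assumptions of this example; the reading of the range semantics is my understanding of the advisory-db format, not a quotation of bundler-audit's code.

```ruby
require "yaml"
require "rubygems"

# Trimmed copy of the advisory shown on this page (fields the check needs only).
ADVISORY_YAML = <<~YAML
  ---
  gem: rails_admin
  cve: 2016-10522
  title: CSRF vulnerability in rails_admin
  unaffected_versions:
  - "< 1.0.0"
  patched_versions:
  - ">= 1.1.1"
YAML

# Constructed Gemfile.lock fragment pinning an affected rails_admin release.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.1)
      rails_admin (1.0.0)
        rack-pjax (>= 0.7.0)

  PLATFORMS
    ruby
LOCK

# Hypothetical advisory model (not bundler-audit's Advisory class).
Advisory = Struct.new(:gem, :cve, :title, :unaffected, :patched) do
  def self.from_yaml(text)
    data = YAML.safe_load(text)
    new(data["gem"], data["cve"].to_s, data["title"],
        requirements(data["unaffected_versions"]),
        requirements(data["patched_versions"]))
  end

  # Advisory-db ranges are RubyGems requirement strings; an entry such as
  # ">= 4.2.0, < 4.2.1" carries several comma-separated constraints.
  def self.requirements(list)
    Array(list).map { |spec| Gem::Requirement.new(*spec.split(",").map(&:strip)) }
  end

  # Vulnerable unless some unaffected or patched range covers the version
  # (assumed reading of the advisory-db semantics).
  def vulnerable?(version)
    v = Gem::Version.new(version)
    !(unaffected + patched).any? { |req| req.satisfied_by?(v) }
  end
end

# Top-level specs in a Gemfile.lock are indented by exactly four spaces and
# look like "name (version)"; deeper-indented lines are dependency constraints.
def locked_versions(lockfile)
  lockfile.scan(/^    (\S+) \(([^)]+)\)$/).to_h
end

# Returns one report line per advisory that matches a locked gem version.
def audit(lockfile, advisories)
  versions = locked_versions(lockfile)
  advisories
    .select { |a| versions.key?(a.gem) && a.vulnerable?(versions[a.gem]) }
    .map { |a| "#{a.gem} #{versions[a.gem]}: CVE-#{a.cve} #{a.title}" }
end

if __FILE__ == $0
  puts audit(LOCKFILE, [Advisory.from_yaml(ADVISORY_YAML)])
end
```

Note the gap this record leaves: versions from 1.0.0 up to but not including 1.1.1 match neither range and are therefore reported, while anything below 1.0.0 is treated as unaffected rather than patched.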