Sha256: faf7399eab2441d52ace1462da2be97a70ede5ff350915089f3cb3103f71144b

Contents?: true

Size: 475 Bytes

Versions: 5

Compression:

Stored size: 475 Bytes

Contents

---
gem: spina
cve: 2015-4619
title: Cross-site request forgery (CSRF) vulnerability in Spina gem
date: 2015-06-16
url: http://www.openwall.com/lists/oss-security/2015/06/16/11

description: >-
  `Spina::ApplicationController` actions didn't have CSRF
  protection. This causes a CSRF vulnerability across the
  entire engine which includes administrative functionality
  such as creating users, changing passwords,
  and media management.

patched_versions:
  - ">= 0.6.29"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml