2 parents cca8b77 + dff5544, commit b08435d
gems/administrate/CVE-2016-3098.yml
@@ -0,0 +1,14 @@
1
+---
2
+gem: administrate
3
+cve: 2016-3098
4
+title: Cross-site request forgery (CSRF) vulnerability in administrate gem
5
+date: 2016-04-01
6
+url: http://seclists.org/oss-sec/2016/q2/0
7
+
8
+description: >-
9
+ `Administrate::ApplicationController` actions didn't have CSRF
10
+ protection. Remote attackers can hijack user's sessions and use any
11
+ functionality that administrate exposes on their behalf.
12
13
+patched_versions:
14
+ - ">= 0.1.5"
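Review bot: The `description` text on lines 10-11 describes the impact as session hijacking ("Remote attackers can hijack user's sessions"), which is not what a CSRF flaw gives an attacker. The attacker never obtains the session; the victim's browser is made to send forged requests while the victim is logged in. I'd suggest rewording along the lines of "Remote attackers can trick an authenticated user's browser into submitting requests, performing any action that administrate exposes as that user", which also fixes the "user's sessions" grammar. A smaller point on the same hunk: the first sentence says the actions "didn't have CSRF protection" but the record only states the fix boundary through `patched_versions: ">= 0.1.5"`, so it would help to say in the description that 0.1.5 is the release that adds the protection, so readers do not have to infer it.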