HIGH 8.8 RubyGems

Spina gem vulnerable to cross-site request forgery (CSRF)

GHSA-2hxv-mx8x-mcj9 · CVE-2015-4619

Published · Modified

Description

Spina before commit bfe44f289e336f80b6593032679300c493735e75 contains a cross-site request forgery (CSRF) vulnerability. The actions of `Spina::ApplicationController` had no CSRF protection. This exposes the entire engine to CSRF, including administrative functionality such as creating users, changing passwords, and media management.
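The check below is an added example, not code from Spina or from this advisory: it walks controller inheritance chains and reports any controller that reaches `ActionController::Base` without a `protect_from_forgery` declaration, or that skips token verification. The sample sources, the `Spina::Admin::UsersController` name and the shape of the fix are assumptions made for illustration.

```ruby
# Added example: flag Rails controllers that reach ActionController::Base
# without protect_from_forgery. Assumes one flat "class A < B" per controller.
CLASS_RE   = /^\s*class\s+([\w:]+)\s*<\s*([\w:]+)/
PROTECT_RE = /^\s*protect_from_forgery\b/
SKIP_RE    = /^\s*(?:skip_forgery_protection\b|skip_before_(?:action|filter)\s+:verify_authenticity_token\b)/

# Map each controller name to its parent and the CSRF declarations in its body.
def parse_controllers(source)
  controllers = {}
  current = nil
  source.each_line do |line|
    if (m = CLASS_RE.match(line))
      current = controllers[m[1]] = { parent: m[2], protects: false, skips: false }
    elsif current
      current[:protects] = true if PROTECT_RE.match?(line)
      current[:skips]    = true if SKIP_RE.match?(line)
    end
  end
  controllers
end

# Walk up the inheritance chain; the nearest declaration wins.
def csrf_state(name, controllers)
  while (c = controllers[name])
    return :skipped   if c[:skips]
    return :protected if c[:protects]
    name = c[:parent]
  end
  name == "ActionController::Base" ? :unprotected : :unknown
end

def unprotected_controllers(source)
  controllers = parse_controllers(source)
  controllers.keys.select { |n| %i[unprotected skipped].include?(csrf_state(n, controllers)) }.sort
end

# Constructed sample input (not Spina's real source); UsersController is hypothetical.
BEFORE = <<~'RUBY'
  class Spina::ApplicationController < ActionController::Base
  end
  class Spina::Admin::UsersController < Spina::ApplicationController
    def create; end
  end
RUBY
# Assumed shape of a fix: declare protection once in the engine's base controller.
AFTER = BEFORE.sub("ActionController::Base\n", "ActionController::Base\n  protect_from_forgery with: :exception\n")

puts "before: #{unprotected_controllers(BEFORE).inspect}"
puts "after:  #{unprotected_controllers(AFTER).inspect}"
```

Controllers whose chain ends in a class the scanner has not seen are reported as `:unknown` by `csrf_state` and left out of the list, so feed it every controller file of the engine and the host application together.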
