administrate vulnerable to Cross-Site Request Forgery

GHSA-cc8c-26rj-v2vx · CVE-2016-3098

Published Aug 6, 2022 · Modified Nov 8, 2023

Description

Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-3098
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/administrate/CVE-2016-3098.yml
PACKAGE https://github.com/thoughtbot/administrate
WEB https://seclists.org/oss-sec/2016/q2/0

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes