HIGH 8.4 RubyGems
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection
GHSA-rqxc-9p8h-xqgq
Published · Modified
Description
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xhvv-3jww-c487. This link is maintained to preserve external references.
Original Description
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-51763
- WEB https://github.com/activeadmin/activeadmin/pull/8161
- WEB https://github.com/activeadmin/activeadmin/commit/697be2b183491beadc8f0b7d8b5bfb44f2387909
- PACKAGE https://github.com/activeadmin/activeadmin
- WEB https://github.com/activeadmin/activeadmin/releases/tag/v3.2.0
- ADVISORY https://github.com/advisories/GHSA-rqxc-9p8h-xqgq
- WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activeadmin/CVE-2023-51763.yml