CVE-2015-4619 (spina): Cross-site request forgery (CSRF) vulnerability in Spina gem

ADVISORIES

CVE-2015-4619 (NVD)
GHSA-2hxv-mx8x-mcj9
Vendor Advisory

GEM

spina

SEVERITY

CVSS v3.x: 8.8 (High)

PATCHED VERSIONS

>= 0.6.29

DESCRIPTION

"Spina::ApplicationController actions didn’t have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating users, changing passwords, and media management."

https://sca.analysiscenter.veracode.com/vulnerability-database/security/cross-site-request-forgery-csrf/ruby/sid-1686/summary
https://github.com/rubysec/ruby-advisory-db/issues/238

RubySec

CVE-2015-4619 (spina): Cross-site request forgery (CSRF) vulnerability in Spina gem

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories