RubySec

Providing security resources for the Ruby community

CVE-2015-4619 (spina): Cross-site request forgery (CSRF) vulnerability in Spina gem

GEM

spina

SEVERITY

CVSS v3.x: 8.8 (High)

PATCHED VERSIONS

  • >= 0.6.29

DESCRIPTION

"Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating users, changing passwords, and media management."
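
A check against the patched range above, as an added example (not code from RubySec or the Spina project): it reads the resolved spina version out of a Gemfile.lock and compares it with `>= 0.6.29` using RubyGems version ordering rather than string comparison. The lockfile contents and the helper names `locked_spina_version` and `spina_csrf_status` are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Patched range as stated in the advisory.
PATCHED = Gem::Requirement.new(">= 0.6.29")

# Constructed sample Gemfile.lock (not taken from a real project).
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    cms_theme (1.0.0)
      spina (>= 0.6)
    spina (0.6.28)
      rails (>= 4.2)

PLATFORMS
  ruby

DEPENDENCIES
  cms_theme
  spina (~> 0.6)
LOCK

# Return the resolved spina version from Gemfile.lock text, or nil if absent.
# Resolved gems sit at a 4-space indent inside a "specs:" block; lines indented
# deeper are dependency constraints (e.g. "spina (>= 0.6)") and are skipped.
def locked_spina_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section (PLATFORMS, DEPENDENCIES, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}spina \(([^)]+)\)\s*\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# :not_present, :patched or :vulnerable for the given lockfile text.
def spina_csrf_status(lockfile_text)
  version = locked_spina_version(lockfile_text)
  return :not_present if version.nil?
  PATCHED.satisfied_by?(version) ? :patched : :vulnerable
end

puts spina_csrf_status(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

Pre-release builds such as `0.6.29.rc1` sort below `0.6.29` and are reported as vulnerable.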

RELATED