RubySec

Providing security resources for the Ruby community

CVE-2015-4619 (spina): Cross-site request forgery (CSRF) vulnerability in Spina gem

GEM

spina

PATCHED VERSIONS

  • >= 0.6.29

DESCRIPTION

Spina::ApplicationController actions did not have CSRF protection. This causes a CSRF vulnerability across the entire engine, which includes administrative functionality such as creating users, changing passwords, and managing media.
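To check whether an application is pinned to an affected release, the following added example (not part of the advisory or of Spina itself) reads Gemfile.lock text and compares the locked spina version against the patched version listed above. The helper names and the sample lockfile are constructed for illustration, and the parser only handles the standard `specs:` layout.

```ruby
require "rubygems"

# Patched version as stated in this advisory.
SPINA_PATCHED = Gem::Version.new("0.6.29")

# Constructed sample lockfile. The version 0.6.3 is illustrative: a plain string
# comparison would rank "0.6.3" above "0.6.29", Gem::Version does not.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (4.2.1)
      spina (0.6.3)
        rails (>= 4.2)

  DEPENDENCIES
    spina
LOCK

# Return the resolved spina version from Gemfile.lock text, or nil if absent.
# Resolved gems sit at a four-space indent under "specs:"; deeper lines are
# dependency constraints of other gems and are skipped.
def locked_spina_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section ends the specs block
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}spina \(([^)]+)\)\s*\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# Classify the lockfile as :patched, :vulnerable or :not_present.
def spina_status(lockfile_text)
  version = locked_spina_version(lockfile_text)
  return :not_present if version.nil?
  version >= SPINA_PATCHED ? :patched : :vulnerable
end

puts "spina: #{spina_status(SAMPLE_LOCK)}" if $PROGRAM_NAME == __FILE__
```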