ADVISORIES

• CVE-2016-3098 (NVD)
• GHSA-cc8c-26rj-v2vx
• Vendor Advisory

GEM

administrate

SEVERITY

CVSS v3.x: 5.4 (Medium)

PATCHED VERSIONS

• >= 0.1.5

DESCRIPTION

"Administrate::ApplicationController actions didn't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf."