RubySec

Providing security resources for the Ruby community

CVE-2017-14683 (geminabox): Gem in a Box vulnerable to Cross-site Request Forgery

ADVISORIES

GEM

geminabox

SEVERITY

CVSS v3.x: 8.8 (High)

PATCHED VERSIONS

  • >= 0.13.7

DESCRIPTION

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories