RubySec

Providing security resources for the Ruby community

CVE-2020-36190 (rails_admin): rails_admin ruby gem XSS vulnerability

ADVISORIES

GEM

rails_admin

SEVERITY

CVSS v3.x: 6.1 (Medium)

PATCHED VERSIONS

  • ~> 1.4.3
  • >= 2.0.2

DESCRIPTION

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories