RubySec

Providing security resources for the Ruby community

CVE-2020-36190 (rails_admin): rails_admin ruby gem XSS vulnerability

rails_admin ruby gem XSS vulnerability

Published: March 14, 2020

SECURITY IDENTIFIERS

GEM

rails_admin

SEVERITY

CVSS v3.x: 6.1 (Medium)

PATCHED VERSIONS

~> 1.4.3 >= 2.0.2

DESCRIPTION

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories