Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: administrate
date: 2016-04-01
url: http://seclists.org/oss-sec/2016/q2/0
cve: 2016-3098
title: Cross-site request forgery (CSRF) vulnerability in administrate gem
description: "`Administrate::ApplicationController` actions did not have CSRF protection.
  A remote attacker could hijack a logged-in user's session and invoke any functionality
  that administrate exposes on that user's behalf."
patched_versions:
- ">= 0.1.5"