Cross-site Request Forgery (CSRF)

Affecting rails_admin gem, versions < 1.1.1

high severity

Overview

rails_admin is a Rails engine that provides an easy-to-use interface for managing your data.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An attacker could gain access to the application administrative endpoints exposed by the gem.

Remediation

Upgrade rails_admin to version 1.1.1 or higher.
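The protection the upgrade adds on the engine's state-changing admin routes is the Rails authenticity-token check (what `protect_from_forgery` enforces). The following is an added, self-contained stand-in for that check, written for this page and not taken from rails_admin or Rails itself; the class name `CsrfGuard` and its method names are assumptions, and the mask/unmask scheme follows the Rails approach of XOR-ing the session token with a per-response one-time pad.

```ruby
require 'securerandom'
require 'base64'

# Minimal model of the authenticity-token check a Rails engine controller
# must apply to POST/PUT/PATCH/DELETE admin actions. Constructed example.
class CsrfGuard
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze
  TOKEN_LENGTH = 32

  # Per-session secret, kept server side (Rails stores it in the session).
  def self.new_session_token
    SecureRandom.random_bytes(TOKEN_LENGTH)
  end

  # Each rendered form gets a freshly masked token: pad || (pad XOR raw).
  def self.mask(raw_token)
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    Base64.strict_encode64(pad + xor(pad, raw_token))
  end

  # Recover the raw token from a submitted masked token; nil on malformed input.
  def self.unmask(masked)
    bytes = Base64.strict_decode64(masked)
    return nil unless bytes.bytesize == 2 * TOKEN_LENGTH
    xor(bytes[0, TOKEN_LENGTH], bytes[TOKEN_LENGTH, TOKEN_LENGTH])
  rescue ArgumentError
    nil
  end

  # True when the request may proceed: safe verbs always pass, anything else
  # must carry a token (form field or X-CSRF-Token header) bound to the session.
  def self.verified?(method:, session_token:, submitted: nil)
    return true if SAFE_METHODS.include?(method.to_s.upcase)
    return false if submitted.nil? || session_token.nil?
    raw = unmask(submitted)
    !raw.nil? && secure_compare(raw, session_token)
  end

  # Constant-time comparison so a wrong token leaks nothing through timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def self.xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end
  private_class_method :xor, :secure_compare
end
```

A cross-site form post carries no token from the victim's session, so `verified?` returns false and the admin action is not executed.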


Credit
Unknown
CVE
CVE-2016-10522
CWE
CWE-352
Snyk ID
SNYK-RUBY-RAILSADMIN-22043
Disclosed
25 Dec, 2016
Published
19 Jul, 2018