CVE-2016-10522

Summary

rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.

Affected Software

VendorProductVersion RangeStatus
https://github.com/sferikrails_admin ruby gem>= 1.1.1affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)

ADP Enrichment

CVE Program Container

Additional References

References