Cross-Site Request Forgery (CSRF)
Affecting upmin gem, versions >=0.0.0
upmin provides customizable admin dashboards generated with only a few lines of code.
Affected versions of the package are vulnerable to Cross-Site Request Forgery (CSRF). The anti-CSRF protection
protect_from_forgery is off by default in
The fix is merged to the master branch but not yet published.
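Because every version is listed as affected and no fixed release is published, the practical check is whether the gem appears in an application's Gemfile.lock at all, directly or through another gem. The following is an added example, not code from Snyk or from the upmin project; the sample lockfile, the other gem names and the version numbers in it are constructed, and `lockfile_findings` is a hypothetical helper name.

```ruby
# Added example (not Snyk's or upmin's code). Sample data below is constructed.
ADVISORY_GEM = "upmin" # gem name as written in the advisory
Finding = Struct.new(:name, :version, :pulled_in_by)

# Resolved gems sit under "specs:" at a 4-space indent as "name (version)";
# the gems each one depends on follow at a 6-space indent.
def lockfile_findings(lock_text, gem_name = ADVISORY_GEM)
  resolved = {}                              # gem name => locked version
  parents  = Hash.new { |h, k| h[k] = [] }   # gem name => gems that require it
  in_specs = false
  current  = nil
  lock_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
      current = nil
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false                       # next top-level section begins
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      current = m[1]
      resolved[current] = m[2]
    elsif in_specs && current && (m = line.match(/\A {6}(\S+)/))
      parents[m[1]] << current
    end
  end

  # Every version is listed as affected, so presence alone is a finding.
  return [] unless resolved.key?(gem_name)
  [Finding.new(gem_name, resolved[gem_name], parents[gem_name].uniq)]
end

# Constructed lockfile: the other gem names and all versions are made up.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_admin_wrapper (1.0.0)
        example_dep
        upmin (>= 0)
      example_dep (2.0.0)
      upmin (0.1.0)

  DEPENDENCIES
    example_admin_wrapper
LOCK

lockfile_findings(SAMPLE_LOCK).each do |f|
  puts "#{f.name} #{f.version} locked, required by: #{f.pulled_in_by.join(', ')}"
end
```

An empty `pulled_in_by` list means no other locked gem requires it, so it is declared directly in the Gemfile.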
- Jason Yeo
- Snyk ID
- 30 Mar, 2016
- 10 Jan, 2018