Cross-Site Request Forgery (CSRF)

Affecting upmin-admin gem, versions >0.0.0

medium severity

Overview

upmin-admin is a gem that generates customizable admin dashboards with only a few lines of code.

Affected versions of the package are vulnerable to Cross-Site Request Forgery (CSRF). The anti-CSRF protection, protect_from_forgery, is off by default in Rails' ActionController::Base.
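
One way to audit an application and its mounted engines for controllers that end up without protect_from_forgery, as an added example that is not code from upmin-admin or from this advisory. The controller names and sources are constructed samples, and the scan is a line-based regex pass that assumes one fully qualified class per file.

```ruby
# Added example: flag controllers whose ancestor chain never enables CSRF protection.
# Line-based scan; assumes one fully qualified class definition per source file.
CLASS_RE   = /^\s*class\s+([\w:]+)\s*<\s*([\w:]+)/
PROTECT_RE = /^\s*protect_from_forgery\b/
SKIP_RE    = /^\s*(skip_forgery_protection\b|skip_before_action\s+:verify_authenticity_token\b)/

# Build { class name => { parent:, protects:, skips: } } from { path => source }.
def index_controllers(sources)
  index = {}
  sources.each_value do |src|
    current = nil
    src.each_line do |line|
      if (m = line.match(CLASS_RE))
        current = index[m[1]] = { parent: m[2], protects: false, skips: false }
      elsif current
        current[:protects] ||= line.match?(PROTECT_RE)
        current[:skips]    ||= line.match?(SKIP_RE)
      end
    end
  end
  index
end

# Walk up the inheritance chain. A parent outside the index (ActionController::Base
# itself, or a class we have no source for) counts as unprotected, as does any skip.
def protected?(name, index, seen = [])
  info = index[name]
  return false if info.nil? || seen.include?(name) || info[:skips]
  info[:protects] || protected?(info[:parent], index, seen + [name])
end

def csrf_unprotected_controllers(sources)
  index = index_controllers(sources)
  index.keys.reject { |name| protected?(name, index) }.sort
end

# Constructed sample sources (hypothetical app plus a hypothetical Admin engine).
SAMPLE_SOURCES = {
  "application_controller.rb" => "class ApplicationController < ActionController::Base\n  protect_from_forgery with: :exception\nend\n",
  "posts_controller.rb"       => "class PostsController < ApplicationController\nend\n",
  "admin/base_controller.rb"  => "class Admin::BaseController < ActionController::Base\nend\n",
  "admin/models_controller.rb" => "class Admin::ModelsController < Admin::BaseController\nend\n",
  "webhooks_controller.rb"    => "class WebhooksController < ApplicationController\n  skip_before_action :verify_authenticity_token\nend\n"
}.freeze

puts csrf_unprotected_controllers(SAMPLE_SOURCES)
```

The scan errs toward flagging: a controller with a scoped skip (for example one limited with only:) is still reported and needs manual review.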

Remediation

There is no fix version for upmin-admin.


Credit: Jason Yeo
CWE: CWE-352
Snyk ID: SNYK-RUBY-UPMINADMIN-20481
Disclosed: 30 Mar, 2016
Published: 10 Jan, 2018