rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-07-05T16:00:00

Updated: 2024-08-06T03:21:52.174Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2016-10522

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-05T16:29:00.250

Modified: 2024-11-21T02:44:11.737

Link: CVE-2016-10522

cve-icon Redhat

No data.