Описание
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | ignored | end of life |
| karmic | not-affected | 2.2.3-1 |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | |
| upstream | released | 2.1.3, 2.2.2 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...
EPSS
6.8 Medium
CVSS2