Lucene search
K

28 matches found

OSV
OSV
added 2020/08/05 2:53 p.m.33 views

GHSA-V6FX-752R-CCP2 PgHero gem allows CSRF

The PgHero gem through 2.6.0 for Ruby allows CSRF. PgHero normally uses the protectfromforgery method from Rails to prevent CSRF. However, this defaults to :nullsession, which has no effect on non-session based authentication methods. Thus the ruby gem is vulnerable with non-session based...

8.1CVSS8.1AI score0.00465EPSS
Exploits0References5
NVD
NVD
added 2020/08/05 2:15 p.m.12 views

CVE-2020-16253

The PgHero gem through 2.6.0 for Ruby allows CSRF...

8.1CVSS8.1AI score0.00465EPSS
Exploits0References2
OSV
OSV
added 2020/08/05 2:15 p.m.16 views

CVE-2020-16253

The PgHero gem through 2.6.0 for Ruby allows CSRF...

8.1CVSS8.1AI score
Exploits0References2
Prion
Prion
added 2020/08/05 2:15 p.m.15 views

Cross site request forgery (csrf)

The PgHero gem through 2.6.0 for Ruby allows CSRF...

5.8CVSS8.1AI score0.00465EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/05 1:42 p.m.62 views

CVE-2020-16253

CVE-2020-16253 affects the PgHero gem for Ruby up to version 2.6.0 and is a cross-site request forgery (CSRF) vulnerability. The available connected documents consistently describe a CSRF issue in PgHero, noting that Rails’ protect_from_forgery defaults to a non-session session (null_session) whi...

8.1CVSS8AI score0.00465EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/05 1:42 p.m.17 views

CVE-2020-16253

The PgHero gem through 2.6.0 for Ruby allows CSRF...

8.1AI score0.00465EPSS
Exploits0References2
RubySec
RubySec
added 2020/08/04 12:0 a.m.19 views

CSRF Vulnerability with Non-Session Based Authentication

The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...

8.1CVSS2.8AI score0.00465EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2019/09/04 4:34 p.m.78 views

Omise: Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ]

Hello through RECON for on go.exchange i found origin ip's on https://censys.io/ipv4?q=go.exchange That's allow to the attacker to access to Many Instances Like Grafana But Need Crediantles And Access To PgHero and TokenModel · GO.Exchange where the attacker can use pghero to Execute postgresql...

0.7AI score
Exploits0
Rows per page
Query Builder