28 matches found
GHSA-V6FX-752R-CCP2 PgHero gem allows CSRF
The PgHero gem through 2.6.0 for Ruby allows CSRF. PgHero normally uses the protectfromforgery method from Rails to prevent CSRF. However, this defaults to :nullsession, which has no effect on non-session based authentication methods. Thus the ruby gem is vulnerable with non-session based...
CVE-2020-16253
The PgHero gem through 2.6.0 for Ruby allows CSRF...
CVE-2020-16253
The PgHero gem through 2.6.0 for Ruby allows CSRF...
Cross site request forgery (csrf)
The PgHero gem through 2.6.0 for Ruby allows CSRF...
CVE-2020-16253
CVE-2020-16253 affects the PgHero gem for Ruby up to version 2.6.0 and is a cross-site request forgery (CSRF) vulnerability. The available connected documents consistently describe a CSRF issue in PgHero, noting that Rails’ protect_from_forgery defaults to a non-session session (null_session) whi...
CVE-2020-16253
The PgHero gem through 2.6.0 for Ruby allows CSRF...
CSRF Vulnerability with Non-Session Based Authentication
The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...
Omise: Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ]
Hello through RECON for on go.exchange i found origin ip's on https://censys.io/ipv4?q=go.exchange That's allow to the attacker to access to Many Instances Like Grafana But Need Crediantles And Access To PgHero and TokenModel · GO.Exchange where the attacker can use pghero to Execute postgresql...