Duplicate Advisory: Authentication Bypass by CSRF Weakness
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-26xx-m4q2-xhq8. This link is maintained to preserve external references. Original description: Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend...
Spree Auth Devise vulnerability allows for authentication bypass through CSRF weakness
Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if the protect_from_forgery method is both: executed, whether as a before_action callback (the default) or as a prepend_before_action option (prepend: true) given...
Cross-site Request Forgery (CSRF)
rails_admin, and several other libraries, are vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods in the affected libraries are found not to validate CSRF tokens. It is possible for an attacker to gain access to a site's administrative endpoints that are exposed by the gem. The...
Cross-site request forgery (CSRF) vulnerability in Spina gem
"Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating users, changing passwords, and media management."...
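The common thread in the advisories above is a Rails controller whose non-GET actions run with no protect_from_forgery callback (or with it ordered wrongly in the callback chain). The following is an added example, not code from Rails, spree_auth_devise, rails_admin or Spina: a plain-Ruby model of the synchronizer-token check that protect_from_forgery performs, with a before_action chain, a vulnerable controller that skips the check, and a hardened subclass that registers it. The class names (MiniController, VulnerableAccountsController, HardenedAccountsController), the Request struct and the sample session are all constructed for illustration.

```ruby
require "securerandom"

# Constructed stand-in for a Rails request (hypothetical, not Rails' class).
Request = Struct.new(:method, :params, :headers, :session, keyword_init: true)

class ForgeryDetected < StandardError; end

# Hypothetical mini framework mimicking the before_action / prepend_before_action
# shape of Rails controllers. Callbacks run in order, then the action.
class MiniController
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze   # exempt from the token check, as in Rails

  def self.before_actions
    @before_actions ||= []
  end

  def self.before_action(name)
    before_actions << name
  end

  # Puts the callback at the front of the chain; in Rails this is what decides whether
  # the token check runs before callbacks a parent controller already registered.
  def self.prepend_before_action(name)
    before_actions.unshift(name)
  end

  # Subclasses start with a copy of the parent's chain.
  def self.inherited(sub)
    super
    sub.instance_variable_set(:@before_actions, before_actions.dup)
  end

  attr_reader :request

  def initialize(request)
    @request = request
  end

  def process(action)
    self.class.before_actions.each { |cb| send(cb) }
    send(action)
  end

  private

  # Synchronizer-token check: every non-safe request must present the token stored in
  # the session (form field or X-CSRF-Token header), compared in constant time.
  def verify_authenticity_token
    return if SAFE_METHODS.include?(request.method)
    expected  = request.session[:_csrf_token]
    presented = request.params["authenticity_token"] || request.headers["X-CSRF-Token"]
    ok = expected && presented && secure_compare(expected, presented)
    raise ForgeryDetected, "CSRF token missing or invalid" unless ok
  end

  # Constant-time byte comparison (same construction as Rack::Utils.secure_compare).
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    left = a.unpack("C*")
    diff = 0
    b.each_byte { |byte| diff |= byte ^ left.shift }
    diff.zero?
  end
end

# The shape the advisories describe: state-changing actions with no CSRF callback.
class VulnerableAccountsController < MiniController
  def update_password
    request.session[:password] = request.params["password"]
    :updated
  end

  def show
    :shown
  end
end

# Hardened: the token check is registered at the front of the callback chain.
class HardenedAccountsController < VulnerableAccountsController
  prepend_before_action :verify_authenticity_token
end

def fresh_session
  { _csrf_token: SecureRandom.base64(32) }   # constructed victim session
end

# A cross-site POST: the victim's session cookie rides along automatically, but the
# attacker's page cannot read the victim's token, so none is presented.
def forged_request(session)
  Request.new(method: "POST", params: { "password" => "attacker-chosen" }, headers: {}, session: session)
end

def legitimate_request(session)
  Request.new(method: "POST", headers: {}, session: session,
              params: { "password" => "new-pass", "authenticity_token" => session[:_csrf_token] })
end

def run_demo
  results = {}
  results[:vulnerable_forged] = VulnerableAccountsController.new(forged_request(fresh_session)).process(:update_password)
  results[:hardened_forged] = begin
    HardenedAccountsController.new(forged_request(fresh_session)).process(:update_password)
  rescue ForgeryDetected
    :rejected
  end
  results[:hardened_legit] = HardenedAccountsController.new(legitimate_request(fresh_session)).process(:update_password)
  get = Request.new(method: "GET", params: {}, headers: {}, session: fresh_session)
  results[:hardened_get] = HardenedAccountsController.new(get).process(:show)
  results
end

puts run_demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file shows the forged POST succeeding against the vulnerable controller and being rejected by the hardened one, while a same-origin POST carrying the session token and a plain GET both go through. The check that the advisories report as missing is exactly `verify_authenticity_token` being on the chain for every non-GET action; the `prepend_before_action` form is shown because the spree_auth_devise advisory distinguishes it from the default `before_action` placement.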