EUVD-2018-0158
Malware in sbrugna...
EUVD-2022-5667
Malicious code in bioql PyPI...
Cross-Site Request Forgery (CSRF)
decidim-templates is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the CSRF authenticity token check being disabled for the questionnaire templates preview. This flaw allows attackers to gain access to information which was not meant to be public...
Possible CSRF attack at questionnaire templates preview
Impact The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11 This was...
GHSA-F3QM-VFC3-JG6V Possible CSRF attack at questionnaire templates preview
Impact The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11 This was...
Server-Side Request Forgery (SSRF)
Overview decidim-templates is a module that provides a solution for creating templates for different Decidim models, such as Proposals and Questionnaires. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to the authenticity token check being disabled for the...
CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the...
CVE-2023-47635
CVE-2023-47635 concerns Decidim (Ruby on Rails), where the CSRF authenticity token check is disabled for the questionnaire templates preview in versions from 0.23.0 up to and including 0.27.4 (fixed in 0.27.5 and 0.28.0). The risk is limited by the requirement that an attacker must also have access to the user's session cookie to view the ...
SUSE CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token...
GHSA-WX7C-8J35-MPG8 Fat Free CRM Cross-Site Request Forgery vulnerability
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account...
CSRF forgery protection bypass in solidus_frontend
Impact CSRF vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. All solidus_frontend versions are affected. If you're using your own storefront, please follow along to make sure you're not affected. To reproduce the issue: - Pick the id for a...
rack-protection: Timing attack in authenticity_token.rb
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to hav...
Cross-Site Request Forgery (CSRF)
polaris-website is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because it does not add an authenticity token to each state-changing request to verify its validity...
Cross-site Request Forgery (CSRF)
save-server is vulnerable to cross-site request forgery (CSRF). The vulnerability exists due to the lack of an authenticity token in requests, allowing an attacker to trick users into visiting a malicious site that submits requests on their behalf...
DEBIAN-CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token...
UBUNTU-CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token...
CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF): an attacker who holds a global CSRF token, such as the one present in the authenticity_token meta tag, can forge a per-form CSRF token. Remediation Upgrade actionpack to version 5.2.4.3, 6.0.3.1 or higher. References - GitHub Commit - Google Group Forum -...
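The per-form token forgery described in the CVE-2020-8166 entries above, and the constant-time token comparison that the rack-protection timing-attack entry (Sinatra rack-protection) calls for, as an added Ruby example. This is not Rails' or rack-protection's code: it is a simplified model of the Rails scheme, where a per-form token is an HMAC-SHA256 over "path#method" keyed by the raw session token. The RAW_TOKEN value, the XOR masking helpers, the "!real_csrf_token" identifier and the sample path are assumptions made for the demonstration. It shows why a global token that is merely the masked raw token lets anyone who reads the meta tag derive every per-form token, and why deriving the global token through its own HMAC closes that path.

```ruby
require "openssl"
require "securerandom"

# Constructed: the raw per-session secret a Rails-style app keeps in the session.
RAW_TOKEN = SecureRandom.random_bytes(32)

# One-time-pad masking of a token (defeats BREACH-style compression leaks).
# Output is Base64(pad || raw XOR pad); the receiver can always unmask it.
def mask(raw)
  pad = SecureRandom.random_bytes(raw.bytesize)
  masked = raw.bytes.zip(pad.bytes).map { |a, b| a ^ b }.pack("C*")
  [pad + masked].pack("m0")
end

def unmask(masked_b64)
  bytes = masked_b64.unpack1("m0")
  half = bytes.bytesize / 2
  pad, masked = bytes[0, half], bytes[half, half]
  pad.bytes.zip(masked.bytes).map { |a, b| a ^ b }.pack("C*")
end

# Constant-time equality: the timing leak in rack-protection's token check came
# from an early-exit string comparison. Always compare every byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Per-form token: HMAC keyed by the raw session token over the form identifier.
def per_form_token(raw, path, method)
  OpenSSL::HMAC.digest("SHA256", raw, "#{path}##{method.downcase}")
end

# Vulnerable layout: the meta-tag "global" token is just the masked raw token,
# so whoever reads the meta tag (e.g. via XSS) recovers the HMAC key.
def vulnerable_global_token(raw)
  mask(raw)
end

# Fixed layout: the global token is itself an HMAC with a fixed identifier, so
# unmasking it yields a value that is NOT the key used for per-form tokens.
def fixed_global_token(raw)
  mask(OpenSSL::HMAC.digest("SHA256", raw, "!real_csrf_token"))
end

# Server-side check a form submission would go through.
def valid_per_form?(raw, presented, path, method)
  secure_equal?(presented, per_form_token(raw, path, method))
end

# Attacker's move: treat whatever the global token unmasks to as the HMAC key
# and derive a token for the target form.
def forge_per_form(global_token, path, method)
  per_form_token(unmask(global_token), path, method)
end

def forgery_succeeds?(global_token_fn, raw, path, method)
  forged = forge_per_form(global_token_fn.call(raw), path, method)
  valid_per_form?(raw, forged, path, method)
end

if __FILE__ == $PROGRAM_NAME
  path, verb = "/admin/users", "POST"
  puts "vulnerable layout, forgery accepted: " \
       "#{forgery_succeeds?(method(:vulnerable_global_token), RAW_TOKEN, path, verb)}"
  puts "fixed layout, forgery accepted:      " \
       "#{forgery_succeeds?(method(:fixed_global_token), RAW_TOKEN, path, verb)}"
end
```

The masking step is not what protects the key: unmasking is public by design, so the only thing that keeps per-form tokens underivable is that the value exposed in the page is a one-way derivation of the raw token rather than the raw token itself. The same holds for any check that compares presented tokens: use secure_equal? (or a library equivalent) rather than ==, since an early-exit comparison is what made the rack-protection token check measurable over the network.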