EUVD-2021-2122

Malware in sbrugna...

CVE-2021-39197

bettererrors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not...

Malicious code in active-model-better_errors (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Cross-site Request Forgery (CSRF)

Overview bettererrors is a package that provides a better error page for Rails and other Rack apps. Includes source code inspection, a live REPL and local/instance variable inspection for all stack frames. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF...

Better Errors跨站请求伪造漏洞

Better Errors is a better, more useful error page replacing the standard Rails error page. A cross-site request forgery vulnerability exists in versions prior to Better Errors 2.8.0, which stems from the software not implementing CSRF protection for its internal requests. It also did not enforce...