Cross-Site Request Forgery (CSRF)
clockwork-web is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the protect_from_forgery handling in home_controller.rb, which allows an attacker to manipulate the actions of authenticated users by tricking them into clicking on a malicious link or visiting a malicious...
GHSA-6MQR-Q86Q-6GWR Duplicate Advisory: Authentication Bypass by CSRF Weakness
Duplicate Advisory. This advisory has been withdrawn because it is a duplicate of GHSA-26xx-m4q2-xhq8. This link is maintained to preserve external references. Original Description: Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend...
Authentication Bypass
spree_auth_devise is vulnerable to authentication bypass. An attacker can take over an account through CSRF if the protect_from_forgery method satisfies both of the following: 1. Executed either as a before_action callback (the default) or as a prepend_before_action (option prepend: true) given before the :load_object hook in...
Authentication Bypass by CSRF Weakness
Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devise are affected if the protect_from_forgery method is both: - Executed either as: - A before_action callback (the default) - A prepend_before_action (option prepend: tr...
Authentication Bypass by CSRF Weakness
Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if the protect_from_forgery method is both: Executed either as: A before_action callback (the default); A prepend_before_action (option prepend: true) given...
CVE-2021-41274
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devi...
CVE-2021-41275
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account...
Cross site request forgery (csrf)
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devi...
GHSA-W542-CPP9-R3G7 Field Test CSRF vulnerability
The Field Test dashboard is vulnerable to cross-site request forgery (CSRF) with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact: The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...
Cross site request forgery (csrf)
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request...
Ruby on Rails 'protect_from_forgery' Cross-Site Request Forgery Vulnerability
Bugtraq ID: 37322 CVE ID: CVE-2009-4136. Ruby on Rails is a web application framework built on the Ruby language. Ruby on Rails 'protect_from_forgery' contains a cross-site request forgery vulnerability; a remote attacker can exploit it to perform some administrative operations, gain unauthorized access to the application, or delete some data. Affected: Ruby on Rails 2.3.5, Ruby on Rails 2.3.4, Ruby on Rails 2.3.3, Ruby on Rails...