8 matches found
CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...
Cross-Site Request Forgery (CSRF)
clockwork_web is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the protect_from_forgery function in home_controller.rb, which allows an attacker to manipulate the actions of authenticated users by tricking them into clicking on a malicious link or visiting a malicious...
GHSA-P4XX-W6FR-C4W9 Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Clockwork Web before 0.1.2, when used with Rails before 5.2, allows Cross-Site Request Forgery (CSRF). A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling...
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Clockwork Web before 0.1.2, when used with Rails before 5.2, allows Cross-Site Request Forgery (CSRF). A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling...
CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...
Cross site request forgery (csrf)
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...
CVE-2023-25015
CVE-2023-25015 concerns Clockwork Web prior to 0.1.2 when used with Rails
Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, which can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed...