clockwork_web is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the `protect_from_forgery` function in `home_controller.rb`. It allows an attacker to trick authenticated users into clicking a malicious link or visiting a malicious website while they are logged in, and so perform actions on behalf of the victim, such as creating or modifying attributes. Note that clockwork_web is only vulnerable with Rails < 5.2.

CPE | Name | Operator | Version |
---|---|---|---|
| | clockwork_web | le | 0.1.1 |
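
To check whether an application falls in the affected range described above (clockwork_web at or below 0.1.1 together with Rails below 5.2), the resolved versions in `Gemfile.lock` can be compared against those two thresholds. This is an added example, not code from the clockwork_web project; the function names, result symbols, sample lockfile and the fallback to `railties`/`actionpack` when the `rails` gem is not locked are assumptions made for illustration.

```ruby
# Added example: flag the affected combination from a Gemfile.lock.
# Thresholds come from the advisory; all names here are hypothetical.
MAX_AFFECTED_CLOCKWORK_WEB = Gem::Version.new("0.1.1") # affected: <= 0.1.1
FIRST_UNAFFECTED_RAILS     = Gem::Version.new("5.2")   # affected: Rails < 5.2

# Resolved gems sit under "specs:" indented by exactly four spaces,
# e.g. "    rails (5.1.7)"; their dependency lines are indented six.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, found|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    next unless m
    version = m[2].split("-").first # drop a platform suffix such as -x86_64-linux
    found[m[1]] = Gem::Version.new(version) if Gem::Version.correct?(version)
  end
end

def clockwork_web_csrf_exposure(lockfile_text)
  versions = locked_versions(lockfile_text)
  clockwork_web = versions["clockwork_web"]
  return :not_installed unless clockwork_web
  return :not_affected_version if clockwork_web > MAX_AFFECTED_CLOCKWORK_WEB

  # Assumption: Rails components share one version, so railties or
  # actionpack stand in when the "rails" meta-gem itself is not locked.
  rails = versions.values_at("rails", "railties", "actionpack").compact.first
  return :rails_unknown unless rails
  rails < FIRST_UNAFFECTED_RAILS ? :vulnerable : :old_gem_rails_ok
end

# Constructed sample lockfile (not taken from any real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      clockwork_web (0.1.1)
      rails (5.1.7)
        actionpack (= 5.1.7)

  DEPENDENCIES
    clockwork_web
    rails (~> 5.1)
LOCK

puts clockwork_web_csrf_exposure(SAMPLE_LOCK)
```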