CVE-2016-10522

Vendor https://github.com/sferik
Product rails_admin ruby gem
Weakness CWE-352 · CSRF
Published July 5, 2018
Last update August 6, 2024

What the vulnerability does

01 Description

The rails_admin Ruby gem before v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods did not validate CSRF tokens and, as a result, an attacker could hypothetically gain access to the application's administrative endpoints exposed by the gem.

Key dates

02 Disclosure timeline

July 5, 2018 CVE published
August 6, 2024 Record updated