Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
History
13 Feb 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. |
02 Feb 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | CVE-2008-7248 rubygem-actionpack: Potential CSRF protection circumvention |
Information
Published : 2009-12-16 01:30
Updated : 2023-12-10 10:51
NVD link : CVE-2008-7248
Mitre link : CVE-2008-7248
CVE.ORG link : CVE-2008-7248
Products Affected
rubyonrails
- rails
CWE
CWE-20
Improper Input Validation