CVE-2016-10522

N/A

rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.

N/A

跨站请求伪造(CSRF)

rails_admin ruby 跨站请求伪造漏洞

rails_admin ruby是一个支持使用界面管理数据的Rails引擎。 rails_admin ruby 1.1.1之前版本中存在跨站请求伪造漏洞，该漏洞源于Non-GET方法没有验证跨站请求伪造令牌。攻击者可利用该漏洞获取被gem所公开的应用程序管理端点的访问权限。

N/A

N/A