CVE-2016-10522

Name: CVE-2016-10522
Description: The rails_admin ruby gem before version 1.1.1 is vulnerable to cross-site request forgery (CSRF). Requests using non-GET methods were served without validating the CSRF token, so an attacker who lures an authenticated administrator to a malicious page could trigger state-changing requests against the administrative endpoints the gem exposes.
Source: CVE (at NVD)
Debian Bugs: 903855
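The failure mode described above, as an added example that is not part of this tracker entry or of rails_admin's own code: a dependency-free Ruby model of Rails-style forgery protection, with the vulnerable behaviour (non-GET requests served without a token check) beside the hardened one (token required on every non-GET request, compared in constant time). The controller, the /admin paths, the Session class and the request shape are assumptions for illustration only; the model also omits Rails' request-origin check and per-form tokens. For the actual upstream fix, see the commit referenced under Notes.

```ruby
require 'securerandom'

# Added example for this tracker entry: a dependency-free model of Rails-style
# CSRF protection, NOT rails_admin's code. Names (AdminController, the /admin
# paths, Session) are assumptions for illustration only.
module CsrfDemo
  # Methods that must not change state and are therefore exempt from the token
  # check, mirroring how Rails treats GET/HEAD in its request verification.
  SAFE_METHODS = %w[GET HEAD].freeze

  Request = Struct.new(:http_method, :path, :params, :headers, keyword_init: true)

  # A logged-in user's server-side session; the CSRF token lives here, so an
  # attacker's page (a different origin) can never read it.
  class Session
    attr_reader :csrf_token

    def initialize
      @csrf_token = SecureRandom.base64(32)
    end
  end

  # Constant-time equality so the token comparison does not leak bytes via timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  class AdminController
    attr_reader :deleted_ids

    # protect_from_forgery: false models the <1.1.1 behaviour described above;
    # true models a controller that verifies the token on every non-GET request.
    def initialize(session, protect_from_forgery:)
      @session = session
      @protect = protect_from_forgery
      @deleted_ids = []
    end

    # Returns [status, body]; a rejected request never reaches the action.
    def handle(request)
      if @protect && !verified_request?(request)
        return [422, 'InvalidAuthenticityToken']
      end

      case [request.http_method, request.path]
      when ['GET', '/admin/user']
        [200, 'listing']
      when ['DELETE', '/admin/user/1']
        @deleted_ids << 1
        [200, 'deleted']
      else
        [404, 'not found']
      end
    end

    private

    def verified_request?(request)
      return true if SAFE_METHODS.include?(request.http_method)
      token = request.params['authenticity_token'] || request.headers['X-CSRF-Token']
      token.is_a?(String) && CsrfDemo.secure_compare(token, @session.csrf_token)
    end
  end

  # Cross-site forged request (constructed sample): the victim's browser attaches
  # the session cookie automatically, but the attacker's page cannot supply the token.
  def self.forged_delete
    Request.new(http_method: 'DELETE', path: '/admin/user/1', params: {}, headers: {})
  end

  # Same-origin request from the real admin UI, carrying the session's token.
  def self.legitimate_delete(session)
    Request.new(http_method: 'DELETE', path: '/admin/user/1',
                params: { 'authenticity_token' => session.csrf_token }, headers: {})
  end

  # Runs the same forged/legitimate requests against both controller variants.
  def self.run
    session = Session.new
    vulnerable = AdminController.new(session, protect_from_forgery: false)
    hardened = AdminController.new(session, protect_from_forgery: true)
    listing = Request.new(http_method: 'GET', path: '/admin/user', params: {}, headers: {})
    {
      vulnerable_forged: vulnerable.handle(forged_delete),
      hardened_forged: hardened.handle(forged_delete),
      hardened_legit: hardened.handle(legitimate_delete(session)),
      hardened_get: hardened.handle(listing)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  CsrfDemo.run.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

Running the file shows the forged DELETE succeeding against the unprotected controller and being rejected with 422 by the protected one, while the legitimate request (which carries the token) and the exempt GET still succeed. The check must cover every non-safe method (POST, PUT, PATCH, DELETE), not just POST, since an attacker can issue any of them via a form with a method override or a cross-site fetch.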

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     Release   Version         Status
ruby-rails-admin   stretch   0.8.1+dfsg-3    vulnerable

The information below is based on the following data on fixed versions.

Package            Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
ruby-rails-admin   source   (unstable)   (unfixed)       -         -        903855

Notes

[stretch] - ruby-rails-admin <no-dsa> (Minor issue; has regression potential)
https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
Regression: https://github.com/sferik/rails_admin/issues/2830
