CVE-2008-7248 in Ruby on Rails

Summary

Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

Reservation

12/11/2009

Disclosure

12/15/2009

CPE

ready

Exploit

Download

CVSS

6.3

EPSS

0.11409

Activities

Very Low
