GHSA-8fqx-7pv4-3jwm, CVE-2008-7248
gem/actionpack
Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
All versions starting from 2.1.0 before 2.1.3, all versions starting from 2.2.0 before 2.2.2
Upgrade to versions 2.1.3, 2.2.2 or above.
2023-05-29
source |