CVE-2021-39197

Cross-Site Request Forgery (CSRF) in gem/better_errors

Identifiers

CVE-2021-39197, GHSA-w3j4-76qw-wwjm

Package Slug

gem/better_errors

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

better_errors is an open source replacement for the standard Rails error page that provides more information-rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors did not implement CSRF protection for its internal requests.

Affected Versions

All versions before 2.8.0

Solution

Upgrade to version 2.8.0 or above.

Last Modified

2021-09-16
