CVE-2021-39197, GHSA-w3j4-76qw-wwjm
gem/better_errors
Cross-Site Request Forgery (CSRF)
bettererrors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. bettererrors did not implement CSRF protection for its internal requests.
All versions before 2.8.0
Upgrade to version 2.8.0 or above.
2021-09-16
source |