CVE-2023-25015

Cross-Site Request Forgery (CSRF) in gem/clockwork_web

Identifiers

GHSA-p4xx-w6fr-c4w9, CVE-2023-25015

Package Slug

gem/clockwork_web

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

Affected Versions

All versions before 0.1.2

Solution

Upgrade to version 0.1.2 or above.

Last Modified

2023-02-03

source