CVE-2021-39197: Cross-Site Request Forgery (CSRF)

September 7, 2021 (updated September 14, 2021)

better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors did not implement CSRF protection for its internal requests.

References

nvd.nist.gov/vuln/detail/CVE-2021-39197

Detect and mitigate CVE-2021-39197 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →