CVE-2020-8166: Cross-Site Request Forgery (CSRF)
(updated )
A CSRF vulnerability exists in rails that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token
meta tag, forge a per-form CSRF token.
References
Detect and mitigate CVE-2020-8166 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →