High severity8.8NVD Advisory· Published Sep 7, 2017· Updated May 13, 2026

CVE-2015-4619

Description

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
spinaRubyGems	< 0.6.29	0.6.29

Affected products

Denkgroot/Spina
cpe:2.3:a:denkgroot:spina:*:*:*:*:*:*:*:*
Range: <=0.11.1

Patches

bfe44f289e33

protect from forgery

https://github.com/denkGroot/SpinaBram JettenJun 16, 2015via ghsa

commit

1 file changed · +2 −0

app/controllers/spina/application_controller.rb+2 −0 modified

@@ -1,5 +1,7 @@
 module Spina
   class ApplicationController < ActionController::Base
+    protect_from_forgery
+    
     include ApplicationHelper
 
     private

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.openwall.com/lists/oss-security/2015/06/16/20nvdMailing ListPatchThird Party AdvisoryWEB
github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75nvdIssue TrackingPatchThird Party AdvisoryWEB
www.securityfocus.com/bid/75216nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-2hxv-mx8x-mcj9ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-4619ghsaADVISORY
www.openwall.com/lists/oss-security/2015/06/16/11ghsaWEB
github.com/rubysec/ruby-advisory-db/blob/master/gems/spina/CVE-2015-4619.ymlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000