RubyGems package
administrate
pkg:gem/administrate
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3098 | — | < 0.1.5 | 0.1.5 | Aug 5, 2022 | Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. | ||
| CVE-2020-5257 | — | < 0.13.0 | 0.13.0 | Mar 13, 2020 | In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and |
- CVE-2016-3098Aug 5, 2022affected < 0.1.5fixed 0.1.5
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
- CVE-2020-5257Mar 13, 2020affected < 0.13.0fixed 0.13.0
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and