RubyGems package
decidim-templates
pkg:gem/decidim-templates
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-47635 | — | | | >= 0.23.0, < 0.27.5 | 0.27.5 | Feb 20, 2024 | Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access |
| CVE-2023-36465 | — | | | >= 0.23.2, < 0.26.8 | 0.26.8 | Oct 6, 2023 | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access this |