Date: Tue, 16 Jun 2015 10:19:02 -0500
From: Tomek Rabczak <tomek@...asano.com>
To: oss-security@...ts.openwall.com
Subject: Cross-Site Request Forgery in Spina CMS

I discovered the lack of protect_from_forgery in Spina CMS (http://www.spinacms.com/) which is a Rails engine that users can use in their Rails applications. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating users, changing passwords, and media management.

A fix has been pushed and can be found here: https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75.

I'd like to request a CVE for this vulnerability.

Thanks,
Tomek Rabczak
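
A maintainer can audit an engine's own controllers for the gap reported above. The Ruby sketch below is an added example, not code from the original post or from Spina: it walks each controller's inheritance chain and lists the ones that never reach a `protect_from_forgery` call or that skip `verify_authenticity_token`. The `Demo` engine, its controllers and the helper names are hypothetical, and the check assumes fully qualified class names, one class per file, and no CSRF protection enabled outside the scanned tree.

```ruby
# Constructed sources for a hypothetical engine "Demo" (not Spina's code).
SAMPLE = {
  "demo/application_controller.rb" => <<~RB,
    class Demo::ApplicationController < ActionController::Base
      # protect_from_forgery with: :exception  (commented out, so ignored)
    end
  RB
  "demo/admin/users_controller.rb" => <<~RB,
    class Demo::Admin::UsersController < Demo::ApplicationController
    end
  RB
  "demo/admin/safe_controller.rb" => <<~RB,
    class Demo::Admin::SafeController < Demo::ApplicationController
      protect_from_forgery with: :exception
    end
  RB
  "demo/hooks_controller.rb" => <<~RB,
    class Demo::HooksController < Demo::Admin::SafeController
      skip_before_action :verify_authenticity_token
    end
  RB
}

CLASS_RE   = /^\s*class\s+([\w:]+)\s*<\s*([\w:]+)/
PROTECT_RE = /^\s*protect_from_forgery\b/
SKIP_RE    = /^\s*skip_before_(?:action|filter)\s+:verify_authenticity_token\b/

# Map each controller class to its parent and the CSRF calls in its file.
def index_controllers(sources)
  sources.each_with_object({}) do |(_path, src), idx|
    m = src.match(CLASS_RE) or next
    idx[m[1]] = { parent: m[2], protect: src.match?(PROTECT_RE), skip: src.match?(SKIP_RE) }
  end
end

# Walk up the inheritance chain; the nearest class with a CSRF call decides.
# Leaving the scanned tree (ActionController::Base) counts as unprotected (assumption).
def csrf_protected?(idx, name)
  while (c = idx[name])
    return false if c[:skip]
    return true if c[:protect]
    name = c[:parent]
  end
  false
end

def unprotected_controllers(sources)
  idx = index_controllers(sources)
  idx.keys.reject { |n| csrf_protected?(idx, n) }.sort
end
```

To run it against a real tree, build the hash from `Dir.glob` over the engine's `app/controllers` directory instead of `SAMPLE`; controllers that opt out on purpose (for example webhook receivers) will be listed and need manual review.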