Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Jun 2015 10:19:02 -0500
From: Tomek Rabczak <>
Subject: Cross-Site Request Forgery in Spina CMS

I discovered the lack of protect_from_forgery in Spina CMS
( which is a Rails engine that users can use in their
Rails applications. This causes a CSRF vulnerability across the entire engine
which includes administrative functionality such as creating users, changing
passwords, and media management. A fix has been pushed and can be found here:

I'd like to request a CVE for this vulnerability.

Tomek Rabczak

Download attachment "signature.asc" of type "application/pgp-signature" (497 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.