Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Thoughtbot Subscribe
Filtered by product Administrate
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3098 1 Thoughtbot 1 Administrate 2022-08-06 N/A 5.4 MEDIUM
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
CVE-2020-5257 1 Thoughtbot 1 Administrate 2020-03-18 5.5 MEDIUM 8.1 HIGH
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.