MEDIUM🇵🇱 Wersja polska

CVE-2023-25015

CVSS 6.5v3.1pub. 2023-02-02upd. 2025-03-26

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • Clockwork Web Project Clockwork Web

    APP
    Clockwork Web Project
    < 0.1.2
  • Rubyonrails Rails

    APP
    Rubyonrails
    < 5.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-8165CRITICAL9.8ten sam produkt

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow...

CVE-2019-5420CRITICAL9.8ten sam produkt

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker t...

CVE-2019-5418HIGH7.5⚠ KEVten sam produkt

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3...

CVE-2016-0752HIGH7.5⚠ KEVten sam produkt

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1....

CVE-2014-0130HIGH7.5⚠ KEVten sam produkt

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render impleme...