Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NClockwork Web Project Clockwork Web
APPClockwork Web Project< 0.1.2Rubyonrails Rails
APPRubyonrails< 5.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2020-8165CRITICAL9.8ten sam produkt
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow...
CVE-2019-5420CRITICAL9.8ten sam produkt
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker t...
CVE-2019-5418HIGH7.5⚠ KEVten sam produkt
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3...
CVE-2016-0752HIGH7.5⚠ KEVten sam produkt
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1....
CVE-2014-0130HIGH7.5⚠ KEVten sam produkt
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render impleme...