CVE-2008-7248
Publication date 16 December 2009
Last updated 24 July 2024
Ubuntu priority
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
Status
Package | Ubuntu Release | Status |
---|---|---|
rails | 11.04 natty |
Not affected
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
9.10 karmic |
Not affected
|
|
9.04 jaunty | Ignored end of life | |
8.10 intrepid | Ignored end of life, was needs-triage | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Ignored end of life |