SRCCLR-SID-3173: Cross-Site Request Forgery

December 21, 2016

The ApplicationController is not protected against CSRF (Cross-Site Request Forgery).

References

github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
www.sourceclear.com/registry/security/cross-site-request-forgery-csrf-/ruby/sid-3173

Code Behaviors & Features

Detect and mitigate SRCCLR-SID-3173 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →