WS-2017-0180 (Medium) detected in devise_invitable-1.3.4.gem #21
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2017-0180 - Medium Severity Vulnerability
It adds support for send invitations by email (it requires to be authenticated) and accept the invitation by setting a password.
Library home page: https://rubygems.org/gems/devise_invitable-1.3.4.gem
Path to dependency file: /example-rubygems-travis/Gemfile.lock
Path to vulnerable library: /gems/2.3.0/cache/devise_invitable-1.3.4.gem
Dependency Hierarchy:
Found in HEAD commit: a4378db10e5839219d3a7b5cb4cb4bc333c6e756
Affected versions of the package are vulnerable to Cross-Site Request Forgery (CSRF) attacks.
Publish Date: 2017-03-28
URL: WS-2017-0180
Base Score Metrics not available
Type: Change files
Origin: scambra/devise_invitable@d1bb19e
Release Date: 2014-04-14
Fix Resolution: Replace or update the following file: invitations_controller.rb
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: