CVE-2008-7248 is a vulnerability in Ruby on Rails Rails
Published on December 16, 2009

Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

Vendor Advisory NVD

Products Associated with CVE-2008-7248

Want to know whenever a new CVE is published for Ruby on Rails Rails? stack.watch will email you.

Ruby on Rails Rails

Exploit Probability

EPSS

11.41%

Percentile

93.44%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2008-7248 is a vulnerability in Ruby on Rails RailsPublished on December 16, 2009

Products Associated with CVE-2008-7248

Exploit Probability

CVE-2008-7248 is a vulnerability in Ruby on Rails Rails
Published on December 16, 2009