[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: Ruby on Rails: CSRF circumvention
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-12-12 1:48:15
Message-ID: Pine.GSO.4.64.0912112047520.29993 () faron ! mitre ! org
[Download RAW message or body]


On Wed, 2 Dec 2009, Josh Bressers wrote:

> ----- "Alex Legler" <a3li@gentoo.org> wrote:
>>
>> http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
>> http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
>>
>
> Steve,
>
> Can you give this one a 2008 ID?

Use CVE-2008-7248, to be filled in later.

- Steve
[prev in list] [next in list] [prev in thread] [next in thread]