Search for packages
| purl | pkg:gem/administrate@0.1.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-42j5-e9g5-mycf
Aliases: CVE-2020-5257 GHSA-2p5p-m353-833w |
Sort order SQL injection in Administrate In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-f9wh-4sms-r3cy | administrate vulnerable to Cross-Site Request Forgery Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. |
CVE-2016-3098
GHSA-cc8c-26rj-v2vx |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T04:15:45.205528+00:00 | GitLab Importer | Affected by | VCID-42j5-e9g5-mycf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/administrate/CVE-2020-5257.yml | 38.6.0 |
| 2026-05-29T17:29:28.772206+00:00 | GitLab Importer | Fixing | VCID-f9wh-4sms-r3cy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/administrate/CVE-2016-3098.yml | 38.6.0 |
| 2026-05-29T14:29:02.683999+00:00 | GHSA Importer | Fixing | VCID-f9wh-4sms-r3cy | https://github.com/advisories/GHSA-cc8c-26rj-v2vx | 38.6.0 |
| 2026-05-29T09:29:16.177654+00:00 | GithubOSV Importer | Fixing | VCID-f9wh-4sms-r3cy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-cc8c-26rj-v2vx/GHSA-cc8c-26rj-v2vx.json | 38.6.0 |