Search for packages
| purl | pkg:gem/spina@0.6.29 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4u2v-fy8u-vqbh
Aliases: CVE-2024-7106 GHSA-wqw3-p83g-r24v |
Cross-Site Request Forgery in Spina A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5zzh-vq9s-hfbh | CSRF vulnerability The application is vulnerable to Cross-Site Request Forgery because of the lack of "protect_from_forgery" in the Rails controllers. |
CVE-2015-4619
GHSA-2hxv-mx8x-mcj9 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-05T21:06:03.556823+00:00 | GHSA Importer | Fixing | VCID-5zzh-vq9s-hfbh | https://github.com/advisories/GHSA-2hxv-mx8x-mcj9 | 38.6.0 |
| 2026-06-04T19:32:17.752360+00:00 | GHSA Importer | Affected by | VCID-4u2v-fy8u-vqbh | https://github.com/advisories/GHSA-wqw3-p83g-r24v | 38.6.0 |
| 2026-06-04T17:39:26.039331+00:00 | GithubOSV Importer | Fixing | VCID-5zzh-vq9s-hfbh | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-2hxv-mx8x-mcj9/GHSA-2hxv-mx8x-mcj9.json | 38.6.0 |
| 2026-06-02T04:37:03.714820+00:00 | GitLab Importer | Fixing | VCID-5zzh-vq9s-hfbh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/spina/CVE-2015-4619.yml | 38.6.0 |