Search for packages
| purl | pkg:gem/administrate@0.0.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-42j5-e9g5-mycf
Aliases: CVE-2020-5257 GHSA-2p5p-m353-833w |
Sort order SQL injection in Administrate In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0. |
Affected by 0 other vulnerabilities. |
|
VCID-f9wh-4sms-r3cy
Aliases: CVE-2016-3098 GHSA-cc8c-26rj-v2vx |
administrate vulnerable to Cross-Site Request Forgery Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T04:15:45.150961+00:00 | GitLab Importer | Affected by | VCID-42j5-e9g5-mycf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/administrate/CVE-2020-5257.yml | 38.6.0 |
| 2026-05-30T03:38:42.823043+00:00 | GitLab Importer | Affected by | VCID-f9wh-4sms-r3cy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/administrate/CVE-2016-3098.yml | 38.6.0 |