actionpack Moderate
Discovered over 1 year ago
Published over 1 year ago
Category: Other
Severity: Moderate

It is possible to possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.

Versions Affected: rails < 5.2.5, rails < 6.0.4 Not affected: Applications without existing HTML injection vulnerabilities. Fixed Versions: rails >=, rails >=


Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.


This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

~> 5.2.4 >= >=

Unaffected Versions