spina

RubyGems3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting spinapage 1 of 1

CVE-2015-4619HIGHCVSS 8.8EG 8.8✓ Fixed in 0.6.29
2017-09-07
vulnerable: 0.6.11 ... 0.6.28 (18 versions)
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.
CVE-2023-3445MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.15.1
2023-06-28
vulnerable: 0.10.0 ... 2.9.1 (72 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.
CVE-2024-7106MEDIUMCVSS 4.3EG 4.3
2024-07-25
vulnerable: 0.10.0 ... 2.9.1 (76 versions)
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be l…

Check whether spina is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for spina CVEs against the assets you own.

Start Free Scan →