Is trestle-auth affected by CVE-2021-29435?

RubyGems trestle-auth is affected in >=0.4.0 <0.4.2.

Is CVE-2021-29435 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

high

CVE-2021-29435

Q: Is CVE-2021-29435 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

RubyGems · trestle-auth

Summary

Cross-Site Request Forgery (CSRF) in trestle-auth

Severity: high
EPSS: 0.7% (p47)
Also known as: GHSA-h8hx-2c5r-32cf
Published: 2021-04-13

References

https://github.com/TrestleAdmin/trestle-auth/security/advisories/GHSA-h8hx-2c5r-32cf
https://nvd.nist.gov/vuln/detail/CVE-2021-29435
https://github.com/TrestleAdmin/trestle-auth/commit/cb95b05cdb2609052207af07b4b8dfe3a23c11dc

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.