Description
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| ruby-omniauth | fixed | 2.0.4-1~exp1 | experimental | package |
| ruby-omniauth | fixed | 2.0.4-2 | | package |
| ruby-omniauth | no-dsa | | bullseye | package |
| ruby-omniauth | no-dsa | | buster | package |
Notes
https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00 (v2.0.0-rc1)
EPSS
Percentile: 68%
0.00585
Low
Related vulnerabilities
CVSS3: 9.8
ubuntu
more than 3 years ago
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
CVSS3: 9.8
nvd
more than 3 years ago
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
CVSS3: 9.8
github
more than 3 years ago
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value