Description
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
References
- Broken Link
- Mailing List, Third Party Advisory
- Broken Link
- Patch, Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: Version up to 1.1.1 (excluding)
cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:*:*:*:*:*:ruby:*:*
EPSS: 0.00072 (percentile: 22%, Low)
CVSS2: 6.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
debian
almost 13 years ago
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...