Описание
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- MitigationThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- MitigationThird Party Advisory
- Mailing ListPatchThird Party Advisory
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...
OmniAuth Ruby gem Cross-site Request Forgery in request phase
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2