CVE-2020-36599

Опубликовано: 18 авг. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 9.8

Описание

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage

Показывать по

EPSS

Процентиль: 69%

0.00585

Низкий

9.8 Critical

CVSS3

CVE-2020-36599

CVSS3: 9.8

nvd

больше 3 лет назад

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

CVE-2020-36599

CVSS3: 9.8

debian

больше 3 лет назад

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ...

GHSA-pm55-qfxr-h247

CVSS3: 9.8

github

больше 3 лет назад

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value

EPSS

Процентиль: 69%

0.00585

Низкий

9.8 Critical

CVSS3