exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2015-9284

почти 7 лет назад

The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.

CVSS3: 8.8

EPSS: Низкий

CVE-2015-9284

больше 10 лет назад

The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.

CVSS3: 8.1

EPSS: Низкий

CVE-2015-9284

почти 7 лет назад

The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.

CVSS3: 8.8

EPSS: Низкий

CVE-2015-9284

почти 7 лет назад

The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...

CVSS3: 8.8

EPSS: Низкий

GHSA-ww4x-rwq6-qpgf

больше 6 лет назад

OmniAuth Ruby gem Cross-site Request Forgery in request phase

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2015-9284 The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.	CVSS3: 8.8	0% Низкий	почти 7 лет назад
CVE-2015-9284 The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.	CVSS3: 8.1	0% Низкий	больше 10 лет назад
CVE-2015-9284 The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.	CVSS3: 8.8	0% Низкий	почти 7 лет назад
CVE-2015-9284 The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...	CVSS3: 8.8	0% Низкий	почти 7 лет назад
GHSA-ww4x-rwq6-qpgf OmniAuth Ruby gem Cross-site Request Forgery in request phase	CVSS3: 8.8	0% Низкий	больше 6 лет назад

Уязвимостей на страницу