Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability
Published: September 08, 2012
SECURITY IDENTIFIERS
- CVE: CVE-2012-6134 (NVD)
- GHSA: GHSA-fgmx-8h93-26fh
- OSVDB: OSVDB-90264
GEM
omniauth-oauth2
SEVERITY
CVSS v2.0: 6.8 (Medium)
PATCHED VERSIONS
>= 1.1.1
DESCRIPTION
The omniauth-oauth2 Ruby Gem contains a flaw that allows an attacker to inject values into a user's session through a CSRF attack.
