RubySec

Providing security resources for the Ruby community

CVE-2012-6134 (omniauth-oauth2): Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability

GEM

omniauth-oauth2

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

  • >= 1.1.1

DESCRIPTION

The omniauth-oauth2 Ruby Gem contains a flaw that allows an attacker to inject values into a user’s session through a CSRF attack.