ADVISORIES
- CVE-2013-4562 (NVD)
- GHSA-cf36-985g-v73c
- OSVDB-99693
GEM
SEVERITY
CVSS v2.0: 6.8 (Medium)
UNAFFECTED VERSIONS
- <= 1.4.0
PATCHED VERSIONS
- >= 1.5.0
DESCRIPTION
omniauth-facebook Gem for Ruby contains a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to perform an unspecified action.