ADVISORIES
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
- ~> 1.9.2
- >= 2.0.0
DESCRIPTION
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
| Get Updates: | Via Atom | On Twitter | On GitHub |
RubySec
Providing security resources for the Ruby community