CVE-2020-36599

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36599

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36599.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36599

Aliases

GHSA-pm55-qfxr-h247

Downstream

DEBIAN-CVE-2020-36599

UBUNTU-CVE-2020-36599

Published

2022-08-18T23:15:08.187Z

Modified

2026-03-14T01:43:49.505277Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the messagekey value.

References

Affected packages

Git / github.com/omniauth/omniauth

Affected ranges

Type

GIT

Repo

https://github.com/omniauth/omniauth

Events

Introduced

Fixed

74526f0f12133048b62157f90b2783ca95ba8c98

Introduced

Last affected

97714aa6a5da8e3b7e76e52cccd82110ab204adf

Fixed

43a396f181ef7d0ed2ec8291c939c95e3ed3ff00

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.9.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-pre\\.rc1"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.3

v0.0.4

v0.1.1

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.2.0

v0.2.0.beta1

v0.2.0.beta2

v0.2.0.beta4

v0.2.0.beta5

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.3.0.rc1

v0.3.0.rc2

v0.3.0.rc3

v1.*

v1.0.0

v1.0.0.beta1

v1.0.0.pr1

v1.0.0.pr2

v1.0.0.rc1

v1.0.0.rc2

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.6.0

v1.6.1

v1.7.0

v1.7.1

v1.8.0

v1.8.1

v1.9.0

v1.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36599.json"