GHSA-fgmx-8h93-26fh

Source

https://github.com/advisories/GHSA-fgmx-8h93-26fh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-fgmx-8h93-26fh/GHSA-fgmx-8h93-26fh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fgmx-8h93-26fh

Aliases

CVE-2012-6134

Published

2017-10-24T18:33:37Z

Modified

2024-12-05T05:39:59.934310Z

Summary

omniauth-oauth2 Cross-Site Request Forgery vulnerability

Details

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem prior to 1.1.1 for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:34:38Z"
}

References

Affected packages

RubyGems / omniauth-oauth2

Package

Name: omniauth-oauth2
Purl: pkg:gem/omniauth-oauth2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1

Affected versions

1.*

1.0.0.beta1

1.0.0.pr1

1.0.0.pr2

1.0.0.rc1

1.0.0.rc2

1.0.0

1.0.1

1.0.2

1.0.3

1.1.0