Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
References
Link | Resource |
---|---|
http://rubysec.github.io/advisories/CVE-2012-6134/ | Broken Link |
http://seclists.org/oss-sec/2013/q1/304 | Mailing List Third Party Advisory |
https://gist.github.com/homakov/3673012 | Broken Link |
https://github.com/Shopify/omniauth-shopify-oauth2/pull/1 | Patch Third Party Advisory |
https://github.com/intridea/omniauth-oauth2/pull/25 | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2013-04-09 20:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-6134
Mitre link : CVE-2012-6134
CVE.ORG link : CVE-2012-6134
JSON object : View
Products Affected
omniauth-oauth2_project
- omniauth-oauth2
CWE
CWE-352
Cross-Site Request Forgery (CSRF)