Contents

---
gem: omniauth-oauth2
cve: 2012-6134
osvdb: 90264
url: https://nvd.nist.gov/vuln/detail/CVE-2012-6134
title: Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability
date: 2012-09-08

description: |
  The omniauth-oauth2 Ruby Gem contains a flaw that allows an attacker to
  inject values into a user's session through a CSRF attack.

cvss_v2: 6.8

patched_versions:
  - ">= 1.1.1"

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/gems/omniauth-oauth2/CVE-2012-6134.yml