Sha256: 5aa4aa61df20d98a3a520898f29380da7025940492f6aef650ac9838d5f45966

Contents?: true

Size: 496 Bytes

Versions: 8

Compression:

Stored size: 496 Bytes

Contents

---
gem: omniauth-facebook
cve: 2013-4593
osvdb: 99888
url: http://www.osvdb.org/show/osvdb/99888
title: omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass 
date: 2013-11-14

description: |
  omniauth-facebook Gem for Ruby contains a flaw that is due to the application
  supporting passing the access token via the URL. This may allow a remote
  attacker to bypass authentication and authenticate as another user.

cvss_v2: 6.8

patched_versions:
  - ">= 1.5.1"

Version data entries

8 entries across 8 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99888.yml