Sha256: d806be42cad90b908ae19498c930622e474346a770e146b6e1e35e44dfc9ddef

Contents?: true

Size: 666 Bytes

Versions: 8

Compression:

Stored size: 666 Bytes

Contents

---
gem: omniauth-facebook
cve: 2013-4562
osvdb: 99693
url: http://www.osvdb.org/show/osvdb/99693
title: omniauth-facebook Gem for Ruby Unspecified CSRF
date: 2013-11-12

description: |
  omniauth-facebook Gem for Ruby contains a flaw as HTTP requests do not
  require multiple steps, explicit confirmation, or a unique token when
  performing certain sensitive actions. By tricking a user into following
  a specially crafted link, a context-dependent attacker can perform a
  Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to
  perform an unspecified action.

cvss_v2: 6.8

patched_versions:
  - ">= 1.5.0"
unaffected_versions:
  - "<= 1.4.0"

Version data entries

8 entries across 8 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/omniauth-facebook/OSVDB-99693.yml