Skip to main content

Omniauth Facebook

1 CVEs product

Monthly

CVE-2013-4562 Ruby MEDIUM POC PATCH This Month

The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Omniauth Facebook
NVD GitHub
CVSS 2.0
6.8
EPSS
0.5%
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Omniauth Facebook
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy