← voltar
CVE-2012-6134

CVE-2012-6134

EPSS 1.2%
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://rubysec.github.io/advisories/CVE-2012-6134/http://seclists.org/oss-sec/2013/q1/304https://gist.github.com/homakov/3673012https://github.com/intridea/omniauth-oauth2/pull/25https://github.com/Shopify/omniauth-shopify-oauth2/pull/1