CVE-2013-4562
Published: May 13, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[oss-security] 20131112 CVE request: rubygem omniauth-facebook CSRF vurnerability (mailing-list, x_refsource_MLIST)
99693 (vdb-entry, x_refsource_OSVDB)
[ruby-security-ann] 20131114 [CVE-2013-4562] RubyGem omniauth-facebook CSRF vulnerability (mailing-list, x_refsource_MLIST)
http://osvdb.org/ref/99/omniauth-facebook_gem.txt (x_refsource_MISC)
[oss-security] 20131112 Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability (mailing-list, x_refsource_MLIST)