Vulnerabilities > Madeofcode > Omniauth Facebook > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-13 | CVE-2013-4562 | Cross-Site Request Forgery (CSRF) vulnerability in Madeofcode Omniauth-Facebook 1.4.1 The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. | 6.8 |