Vulnerabilities > Omniauth > Omniauth

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2015-9284 Cross-Site Request Forgery (CSRF) vulnerability in Omniauth
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user.
network
low complexity
omniauth CWE-352
8.8
2018-01-26 CVE-2017-18076 In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
network
low complexity
omniauth debian
5.0