RSS   Vulnerabilities for 'Omniauth-facebook'   RSS

2014-05-13
 
CVE-2013-4562

CWE-352
 

 
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top