Vulnerabilities for Omniauth-facebook (...) - CXSECURITY.COM

Vulnerabilities for 'Omniauth-facebook'

2014-05-13

CVE-2013-4562

CWE-352

The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.

Copyright 2024, cxsecurity.com