Description
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/Shopify/omniauth-shopify-oauth2/pull/1
Patch, Third Party Advisory x_refsource_confirm
https://github.com/intridea/omniauth-oauth2/pull/25
Broken Link x_refsource_misc
http://rubysec.github.io/advisories/CVE-2012-6134/
Broken Link x_refsource_misc
https://gist.github.com/homakov/3673012
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q1/304
Scores
EPSS
0.0007
EPSS Percentile
21.8%
Details
CWE
CWE-352
Status
published
Products (2)
omniauth-oauth2_project/omniauth-oauth2
< 1.1.1
rubygems/omniauth-oauth2
0 - 1.1.1RubyGems
Published
Apr 09, 2013
Tracked Since
Feb 18, 2026