CVE-2012-6134

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
6.8
MEDIUM
Affected
2
PROJECTS

Description

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.

omniauth/omniauth-oauth2
omniauth/omniauth-oauth2
An abstract OAuth2 strategy for OmniAuth.
GitHubGitHub
511
Shopify/omniauth-shopify-oauth2
Shopify/omniauth-shopify-oauth2
Shopify OAuth2 Strategy for OmniAuth 1.0
GitHubGitHub
92