CVE-2013-4562

Published May 13th, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.

simi/omniauth-facebook

Facebook OAuth2 Strategy for OmniAuth

GitHub

1.27K