CVE-2020-36599

Published
CVSS v3: 9.8 (CRITICAL)
CVSS v2: N/A
Affected: 2 projects

Description

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

A generalized Rack framework for multiple-provider authentication.
RubyGems
213M
OmniAuth is a flexible authentication system utilizing Rack middleware.
GitHub
8.08K