simi/omniauth-facebook

Releases24

Frequency5 months 1 week

Last Release over 4 years ago

Stars1.27K

Facebook OAuth2 Strategy for OmniAuth

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2013-4562 ↗	May 13, 2014Tuesday, 13 May 2014, 15:55	—	6.8 MEDIUM
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.