omniauth

Releases70

Frequency2 months 2 weeks

Last Release 9 months ago

Downloads213M

A generalized Rack framework for multiple-provider authentication.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-36599 ↗	Aug 18, 2022Thursday, 18 August 2022, 23:15	9.8 CRITICAL	—
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.