Lucene search
HackeroneCVELIST:CVE-2015-9284HistoryApr 26, 2019 - 2:03 p.m.
CVE-2015-9284
2019-04-2614:03:53
CWE-352
hackerone
www.cve.org
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
CNA Affected
[
{
"product": "omniauth ruby gem",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]Related
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-04-29 03:16:48
osv
osv
OmniAuth Ruby gem Cross-site Request Forgery in request phase
2019-05-29 19:11:31
cve
cve
CVE-2015-9284
2019-04-26 15:29:00
ubuntucve
ubuntucve
CVE-2015-9284
2019-04-26 00:00:00
github
github
OmniAuth Ruby gem Cross-site Request Forgery in request phase
2019-05-29 19:11:31
debiancve
debiancve
CVE-2015-9284
2019-04-26 15:29:00
prion
prion
Cross site request forgery (csrf)
2019-04-26 15:29:00
nvd
nvd
CVE-2015-9284
2019-04-26 15:29:00
rubygems
rubygems
CSRF vulnerability in OmniAuth's request phase
2015-05-24 21:00:00