Lucene search
PRIOn knowledge basePRION:CVE-2015-9284HistoryApr 26, 2019 - 3:29 p.m.
Cross site request forgery (csrf)
2019-04-2615:29:00
PRIOn knowledge base
www.prio-n.com
1
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
Related
osv
osv
OmniAuth Ruby gem Cross-site Request Forgery in request phase
2019-05-29 19:11:31
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-04-29 03:16:48
cve
cve
CVE-2015-9284
2019-04-26 15:29:00
ubuntucve
ubuntucve
CVE-2015-9284
2019-04-26 00:00:00
cvelist
cvelist
CVE-2015-9284
2019-04-26 14:03:53
github
github
OmniAuth Ruby gem Cross-site Request Forgery in request phase
2019-05-29 19:11:31
debiancve
debiancve
CVE-2015-9284
2019-04-26 15:29:00
nvd
nvd
CVE-2015-9284
2019-04-26 15:29:00
rubygems
rubygems
CSRF vulnerability in OmniAuth's request phase
2015-05-24 21:00:00