Lucene search
Veracode Vulnerability DatabaseVERACODE:13703HistoryApr 29, 2019 - 3:16 a.m.
Cross-Site Request Forgery (CSRF)
2019-04-2903:16:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
0.001 Low
EPSS
Percentile
50.5%
omniauth is vulnerable to cross-site request forgery (CSRF). The request phase does not verify the authenticity of client requests, which allows a remote attacker to gain full access to a user’s account on a site that uses OmniAuth when used in combination with another CSRF vulnerability on the side of a connected OAuth provider.
| CPE | Name | Operator | Version |
|---|---|---|---|
| omniauth | le | 2.0.0.pre.rc1 | |
| ruby-omniauth:sid | eq | 1.9.1-1 | |
| ruby-omniauth:bookworm | eq | 1.9.1-1 |
Related
osv
osv
OmniAuth Ruby gem Cross-site Request Forgery in request phase
2019-05-29 19:11:31
ubuntucve
ubuntucve
CVE-2015-9284
2019-04-26 00:00:00
cvelist
cvelist
CVE-2015-9284
2019-04-26 14:03:53
github
github
OmniAuth Ruby gem Cross-site Request Forgery in request phase
2019-05-29 19:11:31
debiancve
debiancve
CVE-2015-9284
2019-04-26 15:29:00
cve
cve
CVE-2015-9284
2019-04-26 15:29:00
prion
prion
Cross site request forgery (csrf)
2019-04-26 15:29:00
nvd
nvd
CVE-2015-9284
2019-04-26 15:29:00
rubygems
rubygems
CSRF vulnerability in OmniAuth's request phase
2015-05-24 21:00:00