Moderate severity · NVD Advisory · Published Apr 9, 2013 · Updated Jun 16, 2026
CVE-2012-6134
Description
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| omniauth-oauth2 (RubyGems) | < 1.1.1 | 1.1.1 |
Affected products
- cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:*:*:*:*:*:ruby:*:* (Range: <1.1.1)
References
- github.com/Shopify/omniauth-shopify-oauth2/pull/1 (nvd; Patch, Third Party Advisory; WEB)
- github.com/intridea/omniauth-oauth2/pull/25 (nvd; Patch, Third Party Advisory; WEB)
- seclists.org/oss-sec/2013/q1/304 (nvd; Mailing List, Third Party Advisory; WEB)
- github.com/advisories/GHSA-fgmx-8h93-26fh (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-6134 (ghsa; ADVISORY)
- rubysec.github.io/advisories/CVE-2012-6134 (ghsa; WEB)
- rubysec.github.io/advisories/CVE-2012-6134/ (nvd; Broken Link)
- gist.github.com/homakov/3673012 (nvd; Broken Link)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-oauth2/CVE-2012-6134.yml (ghsa; WEB)
- web.archive.org/web/20170312020947/https://gist.github.com/homakov/3673012 (ghsa; WEB)