Moderate severity · NVD Advisory · Published Apr 9, 2013 · Updated Apr 29, 2026
CVE-2012-6134
Description
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| omniauth-oauth2 (RubyGems) | < 1.1.1 | 1.1.1 |
Affected products
- cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:*:*:*:*:*:ruby:*:* (Range: <1.1.1)
Patches
212e1bc332eda0a520450fe86 https://github.com/intridea/omniauth-oauth2 (via nvd-ref)
References
- github.com/Shopify/omniauth-shopify-oauth2/pull/1 (nvd: Patch, Third Party Advisory, WEB)
- github.com/intridea/omniauth-oauth2/pull/25 (nvd: Patch, Third Party Advisory, WEB)
- seclists.org/oss-sec/2013/q1/304 (nvd: Mailing List, Third Party Advisory, WEB)
- github.com/advisories/GHSA-fgmx-8h93-26fh (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-6134 (ghsa: ADVISORY)
- rubysec.github.io/advisories/CVE-2012-6134 (ghsa: WEB)
- rubysec.github.io/advisories/CVE-2012-6134/ (nvd: Broken Link)
- gist.github.com/homakov/3673012 (nvd: Broken Link)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-oauth2/CVE-2012-6134.yml (ghsa: WEB)
- web.archive.org/web/20170312020947/https://gist.github.com/homakov/3673012 (ghsa: WEB)