Moderate severity · NVD Advisory · Published May 13, 2014 · Updated Jun 16, 2026
CVE-2013-4562
Description
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| omniauth-facebook (RubyGems) | >= 1.4.1, < 1.5.0 | 1.5.0 |
Affected products
- cpe:2.3:a:madeofcode:omniauth-facebook:1.4.1:*:*:*:*:ruby:*:*
References
- github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7 (nvd; Exploit, Patch, WEB)
- github.com/advisories/GHSA-cf36-985g-v73c (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-4562 (ghsa; ADVISORY)
- seclists.org/oss-sec/2013/q4/264 (nvd; WEB)
- seclists.org/oss-sec/2013/q4/267 (nvd; WEB)
- groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ (nvd; WEB)
- osvdb.org/ref/99/omniauth-facebook_gem.txt (nvd)
- www.osvdb.org/99693 (nvd)