Critical severityNVD Advisory· Published Aug 18, 2022· Updated Aug 4, 2024
CVE-2020-36599
CVE-2020-36599
Description
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
omniauthRubyGems | < 1.9.2 | 1.9.2 |
omniauthRubyGems | >= 2.0.0.pre.rc1, < 2.0.0 | 2.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-pm55-qfxr-h247ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-36599ghsaADVISORY
- github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00ghsax_refsource_MISCWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2020-36599.ymlghsaWEB
- rubygems.org/gems/omniauth/versions/1.9.2ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.