RubyGems package
omniauth-facebook
pkg:gem/omniauth-facebook
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-4593 | — | < 1.5.1 | 1.5.1 | Dec 11, 2019 | RubyGem omniauth-facebook has an access token security vulnerability | ||
| CVE-2013-4562 | — | >= 1.4.1, < 1.5.0 | 1.5.0 | May 13, 2014 | The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. |
- CVE-2013-4593Dec 11, 2019affected < 1.5.1fixed 1.5.1
RubyGem omniauth-facebook has an access token security vulnerability
- CVE-2013-4562May 13, 2014affected >= 1.4.1, < 1.5.0fixed 1.5.0
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.