RubyGems package
omniauth-microsoft_graph
pkg:gem/omniauth-microsoft_graph
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-21632 | — | < 2.0.0 | 2.0.0 | Jan 2, 2024 | omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth miscon |
- CVE-2024-21632Jan 2, 2024affected < 2.0.0fixed 2.0.0
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth miscon