VYPR

RubyGems package

omniauth-microsoft_graph

pkg:gem/omniauth-microsoft_graph

Vulnerabilities (1)

  • CVE-2024-21632Jan 2, 2024
    affected < 2.0.0fixed 2.0.0

    omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth miscon