RubySec

Providing security resources for the Ruby community

CVE-2012-6134: Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability

ADVISORIES

GEM

omniauth-oauth2

PATCHED VERSIONS

  • >= 1.1.1

DESCRIPTION

The omniauth-oauth2 Ruby Gem contains a flaw that allows an attacker to inject values into a user's session through a CSRF attack.
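A dependency check for this advisory, as an added example that is not part of the original advisory or the omniauth-oauth2 project: it reads `Gemfile.lock` text and reports whether the locked omniauth-oauth2 version falls inside the patched range `>= 1.1.1`. The helper names and the sample lockfile are constructed for illustration.

```ruby
GEM_NAME = "omniauth-oauth2"
PATCHED  = Gem::Requirement.new(">= 1.1.1") # from PATCHED VERSIONS above

# Return the locked version of `name` from Gemfile.lock text, or nil if absent.
# Only resolved specs count: lines indented by exactly four spaces inside a
# "specs:" block, e.g. "    omniauth-oauth2 (1.1.0)". Deeper-indented lines
# are dependency constraints, not locked versions.
def locked_version(lockfile_text, name)
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/ # blank line or new section header
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/)) && m[1] == name
      return Gem::Version.new(m[2].split("-").first) # drop any platform suffix
    end
  end
  nil
end

# :patched, :vulnerable, or :not_present for the gem named in this advisory.
def advisory_status(lockfile_text)
  version = locked_version(lockfile_text, GEM_NAME)
  return :not_present if version.nil?
  PATCHED.satisfied_by?(version) ? :patched : :vulnerable
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      oauth2 (0.8.0)
      omniauth (1.1.1)
      omniauth-oauth2 (1.1.0)
        oauth2 (~> 0.8.0)
        omniauth (~> 1.0)

  DEPENDENCIES
    omniauth-oauth2
LOCK

if __FILE__ == $PROGRAM_NAME
  puts advisory_status(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK)
end
```

Pass the path to a real `Gemfile.lock` as the first argument; pre-release versions such as `1.1.1.rc1` are reported as vulnerable because they sort below `1.1.1`.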