CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-6134

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.8%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2012-6134

Omniauth-Oauth2 Project » Omniauth-Oauth2 » Version: 1.0.0

cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:1.0.0
Omniauth-Oauth2 Project » Omniauth-Oauth2 » Version: 1.0.1

cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:1.0.1
Omniauth-Oauth2 Project » Omniauth-Oauth2 » Version: 1.0.2

cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:1.0.2
Omniauth-Oauth2 Project » Omniauth-Oauth2 » Version: 1.0.3

cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:1.0.3
Omniauth-Oauth2 Project » Omniauth-Oauth2 » Version: 1.1.0

cpe:2.3:a:omniauth-oauth2_project:omniauth-oauth2:1.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-6134

Products

Pricing

Contact Us