Vulmon
omniauth omniauth vulnerabilities and exploits
NA
CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth prior to 1.9.2 (and prior to 2.0) does not escape the message_key value.
Omniauth Omniauth
610
VMScore
CVE-2015-9284
The request phase of the OmniAuth Ruby gem (1.9.1 and previous versions) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a ...
Omniauth Omniauth
16 Github repositories
445
VMScore
CVE-2020-26254
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of O...
Omniauth-apple Project Omniauth-apple
605
VMScore
CVE-2012-6134
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and previous versions for Ruby allows remote malicious users to hijack the authentication of users for requests that modify session state.
Omniauth-oauth2 Project Omniauth-oauth2
1 Github repository
445
VMScore
CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability
Omniauth-facebook Project Omniauth-facebook
668
VMScore
CVE-2019-17268
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions up to and including 0.4.5, and 0.5.1 and later, are unaffected.
Omniauth-weibo-oauth2 Project Omniauth-weibo-oauth2 0.4.6
1 Github repository
445
VMScore
CVE-2017-18076
In strategy.rb in OmniAuth prior to 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
Omniauth Omniauth
Debian Debian Linux 9.0
Debian Debian Linux 8.0
NA
CVE-2024-21632
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth miscon...
Recognizeapp Omniauth
516
VMScore
CVE-2020-15240
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow a malicious user to bypass authentication and authorization. You are a...
Auth0 Omniauth-auth0
605
VMScore
CVE-2013-4562
The omniauth-facebook gem 1.4.1 prior to 1.5.0 does not properly store the session parameter, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks via the state parameter.
Madeofcode Omniauth-facebook 1.4.1