3 matches found
CVE-2020-26254
creationtimestamp| type| source ---|---|--- 2020-12-08 18:31:10+00:00| seen| https://t.me/cibsecurity/17252...
CVE-2020-26254
The CVE concerns the RubyGem omniauth-apple, used as an OmniAuth strategy for Sign In with Apple. In affected versions prior to 1.0.1, an attacker can set the value of info.email in OmniAuth's Auth Hash Schema to an arbitrary email (including others’ addresses). This can enable spoofed identities...
CVE-2020-26254 omniauth-apple allows attacker to fake their email address during authentication
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" RubyGem omniauth-apple. In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the...