2 matches found
SUSE CVE-2013-4562
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery CSRF attacks via the state parameter...
CVE-2013-4562
The CVE-2013-4562 weakness affects the omniauth-facebook gem (versions 1.4.1 prior to 1.5.0). The root cause is that the session parameter is not properly stored, enabling remote attackers to perform CSRF via the state parameter. Consequences include potential CSRF attacks against users authentic...