5 matches found
[SECURITY] [DSA 4109-1] ruby-omniauth security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4109-1 [email protected] https://www.debian.org/security/ February 09, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DSA 4109-1] ruby-omniauth security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4109-1 [email protected] https://www.debian.org/security/ February 09, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
Debian: Security Advisory (DSA-4109-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-18076
In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...
CVE-2017-18076
CVE-2017-18076 affects the OmniAuth Ruby library, specifically the code path in strategy.rb prior to version 1.3.2. The vulnerability stems from POST parameters being stored in the session in addition to GET parameters, which makes the authenticity_token (CSRF token) available in the callback pha...