Lucene search
K

5 matches found

Debian
Debian
added 2018/02/10 2:35 a.m.21 views

[SECURITY] [DSA 4109-1] ruby-omniauth security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4109-1 [email protected] https://www.debian.org/security/ February 09, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

5CVSS1.2AI score0.02143EPSS
Exploits0
Debian
Debian
added 2018/02/10 2:35 a.m.21 views

[SECURITY] [DSA 4109-1] ruby-omniauth security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4109-1 [email protected] https://www.debian.org/security/ February 09, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

7.5CVSS7.5AI score0.02143EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/02/08 12:0 a.m.37 views

Debian: Security Advisory (DSA-4109-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.02143EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/01/26 7:0 p.m.25 views

CVE-2017-18076

In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...

7.4AI score0.02143EPSS
Exploits0References4
CVE
CVE
added 2018/01/26 7:0 p.m.100 views

CVE-2017-18076

CVE-2017-18076 affects the OmniAuth Ruby library, specifically the code path in strategy.rb prior to version 1.3.2. The vulnerability stems from POST parameters being stored in the session in addition to GET parameters, which makes the authenticity_token (CSRF token) available in the callback pha...

7.5CVSS7.2AI score0.02143EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder