11 matches found
CVE-2020-26254
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" RubyGem omniauth-apple. In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the...
Email Spoofing
omniauth-apple is vulnerable to email spoofing. An attacker is able to set their email to an arbitrary value, including email addresses of other users, for verification, which could potentially result in authentication or authorization bypasses...
CVE-2020-26254
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" RubyGem omniauth-apple. In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the...
Authentication flaw
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" RubyGem omniauth-apple. In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the...
CVE-2020-26254 omniauth-apple allows attacker to fake their email address during authentication
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" RubyGem omniauth-apple. In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the...
CVE-2020-26254
The CVE concerns the RubyGem omniauth-apple, used as an OmniAuth strategy for Sign In with Apple. In affected versions prior to 1.0.1, an attacker can set the value of info.email in OmniAuth's Auth Hash Schema to an arbitrary email (including others’ addresses). This can enable spoofed identities...
GHSA-49R3-2549-3633 omniauth-apple allows attacker to fake their email address during authentication
Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...
omniauth-apple allows attacker to fake their email address during authentication
Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...
Authentication Bypass
Overview omniauth-apple is an OmniAuth strategy for Sign In with Apple. Affected versions of this package are vulnerable to Authentication Bypass. Attackers could fake their email address during authentication. Note: This vulnerability impacts only applications using the omniauth-apple strategy o...
omniautho-apple security breach
OmniAuth is an authentication system implemented using Rack middleware. A security vulnerability exists in omniautho-apple versions prior to 1.0.1, which can be exploited by an attacker to spoof their email address during the authentication process. This vulnerability affects omniautho-apple...
omniauth-apple allows attacker to fake their email address during authentication
Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...