omniauth-apple is vulnerable to email spoofing. An attacker is able to set their email to an arbitrary value, including email addresses of other users, for verification, which could potentially result in authentication or authorization bypasses.
CPE | Name | Operator | Version |
---|---|---|---|
omniauth-apple | le | 1.0.0 |