DSA-4109-1 ruby-omniauth -- ruby-omniauth
ID: oval:org.secpod.oval:def:603265 | Date: (C)2018-02-28 (M)2021-09-13 |
Class: PATCH | Family: unix |
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and gain access to the CSRF token.
Platform: |
Debian 8.x |
Debian 9.x |