CVE-2012-6134

EUVD-2017-0228
Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
omniauth-oauth2_projectomniauth-oauth2
𝑥
< 1.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-omniauth-oauth2
bookworm
1.8.0-1
fixed
bullseye
1.6.0-1
fixed
sid
1.8.0-1
fixed
trixie
1.8.0-1
fixed
Common Weakness Enumeration
References
http://rubysec.github.io/advisories/CVE-2012-6134/
http://seclists.org/oss-sec/2013/q1/304
https://gist.github.com/homakov/3673012
https://github.com/Shopify/omniauth-shopify-oauth2/pull/1
https://github.com/intridea/omniauth-oauth2/pull/25
http://rubysec.github.io/advisories/CVE-2012-6134/
http://seclists.org/oss-sec/2013/q1/304
https://gist.github.com/homakov/3673012
https://github.com/Shopify/omniauth-shopify-oauth2/pull/1
https://github.com/intridea/omniauth-oauth2/pull/25