Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2013-4562
Deferred
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-13 May, 2014 | 15:55
Updated At-12 Apr, 2025 | 10:46

The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
madeofcode
madeofcode
>>omniauth-facebook>>1.4.1
cpe:2.3:a:madeofcode:omniauth-facebook:1.4.1:*:*:*:*:ruby:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/ref/99/omniauth-facebook_gem.txtsecalert@redhat.com
N/A
http://seclists.org/oss-sec/2013/q4/264secalert@redhat.com
N/A
http://seclists.org/oss-sec/2013/q4/267secalert@redhat.com
N/A
http://www.osvdb.org/99693secalert@redhat.com
N/A
https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7secalert@redhat.com
Exploit
Patch
https://groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJsecalert@redhat.com
N/A
http://osvdb.org/ref/99/omniauth-facebook_gem.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/oss-sec/2013/q4/264af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/oss-sec/2013/q4/267af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/99693af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJaf854a3a-2127-422b-91ae-364da2661108
N/A
Change History
0Changes found
Details not found