First published: Thu Aug 18 2022(Updated: )
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Omniauth Omniauth | <2.0.0 | |
Omniauth Omniauth | <1.9.2 | |
Omniauth Omniauth | =2.0.0-pre.rc1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.