CVE-2013-4593
https://notcve.org/view.php?id=CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability RubyGem omniauth-facebook presenta una vulnerabilidad de seguridad de token de acceso. • http://www.openwall.com/lists/oss-security/2013/11/18/6 https://access.redhat.com/security/cve/cve-2013-4593 https://exchange.xforce.ibmcloud.com/vulnerabilities/89040 https://security-tracker.debian.org/tracker/CVE-2013-4593 • CWE-287: Improper Authentication •
CVE-2013-4562
https://notcve.org/view.php?id=CVE-2013-4562
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. La gema omniauth-facebook 1.4.1 anterior a 1.5.0 no almacena debidamente el parámetro session, lo que permite a atacantes remotos realizar ataques de CSRF a través del parámetro state. • http://osvdb.org/ref/99/omniauth-facebook_gem.txt http://seclists.org/oss-sec/2013/q4/264 http://seclists.org/oss-sec/2013/q4/267 http://www.osvdb.org/99693 https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7 https://groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ • CWE-352: Cross-Site Request Forgery (CSRF) •