omniauth-facebook 1.4.1
omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass
high severity CVE-2013-4593>= 1.5.1
omniauth-facebook Gem for Ruby contains a flaw that is due to the application supporting passing the access token via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user.
omniauth-facebook Gem for Ruby Unspecified CSRF
high severity CVE-2013-4562>= 1.5.0
<= 1.4.0
omniauth-facebook Gem for Ruby contains a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to perform an unspecified action.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
Gem version without a license.
Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.
This gem version is available.
This gem version has not been yanked and is still available for usage.