omniauth-microsoft_graph 0.3.3

1 security vulnerability found in version 0.3.3

Omniauth::MicrosoftGraph Account takeover (nOAuth)

high severity CVE-2024-21632
high severity CVE-2024-21632
Patched versions: >= 2.0.0

Summary

The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.