CVE-2013-4562

Name of the Vulnerable Software and Affected Versions omniauth-facebook gem versions 1.4.1 through 1.4.1

Description The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter, due to improper storage of the session parameter.

Recommendations For omniauth-facebook gem version 1.4.1, update to version 1.5.0 or later to resolve the issue.