Hi team.
Getting warning from 'bundle audit':
Name: omniauth
Version: 1.9.0
Advisory: CVE-2015-9284
Criticality: High
URL: https://github.com/omniauth/omniauth/pull/809
Title: CSRF vulnerability in OmniAuth's request phase
Solution: remove or disable this gem until a patch is available!
Not sure if you have noticed this vulnerability (URL: omniauth/omniauth#809) in omniauth, but I have barely any idea what's going on. :) There seems to be a fix/patch which converts get to post:
link_to('Sign In with Okta', admin_user_okta_omniauth_authorize_path, class: "btn btn-success btn-block")
to
link_to('Sign In with Okta', admin_user_okta_omniauth_authorize_path, class: "btn btn-success btn-block", method: :post)
along with some other changes.
But apparently this doesn't work for Okta. Hope someone could help and explain if this is something that needs to be fixed and how I can fix it. Thanks.
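The issue above concerns moving the OmniAuth request phase from GET to POST. As an added example (not code from this issue, from OmniAuth, or from Okta), the plain-Ruby Rack-style guard below shows the check that change makes possible: the request phase is refused for GET and for any POST that lacks the session's CSRF token. The `/auth/:provider` path shape, the `demo.form` env key, the `csrf_token` session key and the `idp.example` URL are assumptions made for the illustration.

```ruby
require "securerandom"

# Assumed request-phase path shape; the real path depends on the app's routes.
REQUEST_PHASE = %r{\A/auth/[^/]+\z}

# Rack-style guard: the request phase may only be started by a POST that
# carries the CSRF token stored in the user's session.
class RequestPhaseGuard
  def initialize(app)
    @app = app
  end

  def call(env)
    return @app.call(env) unless REQUEST_PHASE.match?(env["PATH_INFO"].to_s)
    return deny(405, "request phase requires POST") unless env["REQUEST_METHOD"] == "POST"

    expected = env.fetch("rack.session", {})["csrf_token"].to_s
    # "demo.form" stands in for parsed form parameters (assumption for this demo).
    supplied = env.fetch("demo.form", {})["authenticity_token"].to_s
    return deny(403, "invalid authenticity token") unless token_match?(expected, supplied)

    @app.call(env)
  end

  private

  def deny(status, message)
    [status, { "content-type" => "text/plain" }, [message]]
  end

  # Constant-time comparison; an empty session token never matches.
  def token_match?(expected, supplied)
    return false if expected.empty? || expected.bytesize != supplied.bytesize
    expected.bytes.zip(supplied.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Stand-in for the request phase itself: a redirect to the identity provider.
IDP_REDIRECT = ->(_env) { [302, { "location" => "https://idp.example/authorize" }, []] }

# Runs one constructed request through the guard and returns the HTTP status.
def simulate(method, form_token, session_token, path = "/auth/okta")
  env = { "REQUEST_METHOD" => method, "PATH_INFO" => path,
          "rack.session" => { "csrf_token" => session_token },
          "demo.form" => { "authenticity_token" => form_token } }
  RequestPhaseGuard.new(IDP_REDIRECT).call(env).first
end
```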