Vulnerability Details : CVE-2017-18076
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
Exploit prediction scoring system (EPSS) score for CVE-2017-18076
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less