CVE-2020-36599
- Source
- https://cve.org/CVERecord?id=CVE-2020-36599
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36599.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-36599
- Aliases
- Downstream
- Published
- 2022-08-18T23:15:08.187Z
- Modified
- 2026-02-19T01:40:18.797913Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the messagekey value.
- References
-
- https://rubygems.org/gems/omniauth/versions/1.9.2
- https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2
- https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2
Affected packages
Git / github.com/omniauth/omniauth
Affected ranges
- Type
- GIT
- Repo
- https://github.com/omniauth/omniauth
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.1
v0.0.3
v0.0.4
v0.1.1
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.2.0
v0.2.0.beta1
v0.2.0.beta2
v0.2.0.beta4
v0.2.0.beta5
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.3.0.rc1
v0.3.0.rc2
v0.3.0.rc3
v1.*
v1.0.0
v1.0.0.beta1
v1.0.0.pr1
v1.0.0.pr2
v1.0.0.rc1
v1.0.0.rc2
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.9.0
v1.9.1