Open bsp3ars opened 3 years ago
I think this is tied in with the orcid gem which is pointed at a local repo and is also not functioning properly.
We are now on 1.9.2 but still need to update to 2.0.
Name: omniauth
Version: 1.9.2
CVE: CVE-2015-9284
GHSA: GHSA-ww4x-rwq6-qpgf
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Title: CSRF vulnerability in OmniAuth's request phase
Solution: upgrade to '>= 2.0.0'
Descriptive summary
We need to upgrade the Omniauth gem to >= 2.0.0.
Bundler-audit Message:
Name: omniauth
Version: 1.9.1
CVE: CVE-2015-9284
GHSA: GHSA-ww4x-rwq6-qpgf
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Title: CSRF vulnerability in OmniAuth's request phase
Solution: upgrade to >= 2.0.0