{"url":"http://public2.vulnerablecode.io/api/packages/102698?format=json","purl":"pkg:deb/debian/ruby-omniauth@1.9.1-1?distro=trixie","type":"deb","namespace":"debian","name":"ruby-omniauth","version":"1.9.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.1-2","latest_non_vulnerable_version":"2.1.4-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208004?format=json","vulnerability_id":"VCID-gtk5-xfmf-97ag","summary":"lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36599"},{"reference_url":"https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2"},{"reference_url":"https://rubygems.org/gems/omniauth/versions/1.9.2","reference_id":"","reference_type":"","scores":[],"url":"https://rubygems.org/gems/omniauth/versions/1.9.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36599","reference_id":"CVE-2020-36599","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36599"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2020-36599.yml","reference_id":"CVE-2020-36599.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2020-36599.yml"},{"reference_url":"https://github.com/advisories/GHSA-pm55-qfxr-h247","reference_id":"GHSA-pm55-qfxr-h247","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pm55-qfxr-h247"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102700?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.0.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.0.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102699?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102702?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102701?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-36599","GHSA-pm55-qfxr-h247"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtk5-xfmf-97ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203645?format=json","vulnerability_id":"VCID-v81q-9689-5uea","summary":"OmniAuth Ruby gem Cross-site Request Forgery in request phase","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284"},{"reference_url":"https://github.com/omniauth/omniauth/issues/1031","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/issues/1031"},{"reference_url":"https://github.com/omniauth/omniauth/pull/809","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/pull/809"},{"reference_url":"https://github.com/omniauth/omniauth-rails/pull/1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth-rails/pull/1"},{"reference_url":"https://github.com/omniauth/omniauth/releases/tag/v1.9.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/releases/tag/v1.9.2"},{"reference_url":"https://github.com/omniauth/omniauth/releases/tag/v2.0.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/releases/tag/v2.0.0"},{"reference_url":"https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/commit/aef9f623c0be838234d53baf18977564804da397","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/commit/aef9f623c0be838234d53baf18977564804da397"},{"reference_url":"https://www.openwall.com/lists/oss-security/2015/05/26/11","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2015/05/26/11"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973384","reference_id":"973384","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973384"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9284","reference_id":"CVE-2015-9284","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9284"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2015-9284.yml","reference_id":"CVE-2015-9284.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2015-9284.yml"},{"reference_url":"https://github.com/advisories/GHSA-ww4x-rwq6-qpgf","reference_id":"GHSA-ww4x-rwq6-qpgf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ww4x-rwq6-qpgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102700?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.0.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.0.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102699?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102702?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102701?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.4-1%3Fdistro=trixie"}],"aliases":["CVE-2015-9284","GHSA-ww4x-rwq6-qpgf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v81q-9689-5uea"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/169727?format=json","vulnerability_id":"VCID-xqas-uqre-buhk","summary":"security update","references":[{"reference_url":"https://bugs.debian.org/888523","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.debian.org/888523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18076"},{"reference_url":"https://github.com/omniauth/omniauth/pull/867","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/pull/867"},{"reference_url":"https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b"},{"reference_url":"https://www.debian.org/security/2018/dsa-4109","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4109"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888523","reference_id":"888523","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888523"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18076","reference_id":"CVE-2017-18076","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18076"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2017-18076.yml","reference_id":"CVE-2017-18076.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2017-18076.yml"},{"reference_url":"https://github.com/advisories/GHSA-9pr6-grf4-x2fr","reference_id":"GHSA-9pr6-grf4-x2fr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9pr6-grf4-x2fr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102703?format=json","purl":"pkg:deb/debian/ruby-omniauth@1.3.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@1.3.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102698?format=json","purl":"pkg:deb/debian/ruby-omniauth@1.9.1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gtk5-xfmf-97ag"},{"vulnerability":"VCID-v81q-9689-5uea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@1.9.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102699?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102702?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102701?format=json","purl":"pkg:deb/debian/ruby-omniauth@2.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@2.1.4-1%3Fdistro=trixie"}],"aliases":["CVE-2017-18076","GHSA-9pr6-grf4-x2fr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqas-uqre-buhk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-omniauth@1.9.1-1%3Fdistro=trixie"}