CSRF vulnerability, injecting state in session
The package omniauth-oauth2 for Ruby contains a flaw related to omniauth.state that allows a remote attacker to conduct a session injection attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session …