omniauth-facebook Gem on Ruby Access Token unknown vulnerability

A vulnerability was found in omniauth-facebook Gem on Ruby (Social Network Software) (affected version not known). It has been rated as critical. Affected by this issue is an unknown code block of the component Access Token Handler. The impact remains unknown. CVE summarizes:

RubyGem omniauth-facebook has an access token security vulnerability

The bug was discovered 11/15/2013. The weakness was disclosed 12/11/2019. This vulnerability is handled as CVE-2013-4593 since 06/12/2013. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 12/11/2019).

The vulnerability was handled as a non-public zero-day exploit for at least 2217 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Type

Name

Class: Unknown
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: no mitigation known

0-Day Time: 🔒

06/12/2013 CVE assigned
11/15/2013 +156 days Vulnerability found
12/11/2019 +2217 days Advisory disclosed
12/11/2019 +0 days VulDB entry created
12/11/2019 +0 days VulDB last update
CVE: CVE-2013-4593 (🔒)
OSVDB: 99888
Created: 12/11/2019 04:47 PM
Complete: 🔍

Comments are closed.