CVE-2020-26254: Authentication Bypass by Spoofing

December 8, 2020 (updated December 10, 2020)

omniauth-apple is the OmniAuth strategy for “Sign In with Apple” (RubyGem omniauth-apple). Applications using affected versions of omniauth-apple are advised to upgrade to omniauth-apple or later.

References

nvd.nist.gov/vuln/detail/CVE-2020-26254

Code Behaviors & Features

Detect and mitigate CVE-2020-26254 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →