Debian Linux Security Advisory 4109-1 - Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access to the CSRF token.
e59f433e0256fcb085e31cbcbe55a04241623a2742f3d2f521b26f9b0dd390b5