1 omniauth vulnerability found in Gemfile.lock

[LinuxSysAdmin]

Please complete all sections.

Configuration

• Provider Gem: omniauth-*
• Ruby Version: 5.2.3
• Framework: Rails
• Platform: Ubuntu 16.04

Expected Behavior

Tell us what should happen.

After i deploy my Rails code at GitHUb it shows 1 omniauth vulnerability found in Gemfile.lock
Remediation
No patched version is available.

Actual Behavior

https://github.com/FreelancerMasum/finaldev/network/alert/Gemfile.lock/omniauth/open
Tell us what happens instead.

Steps to Reproduce

Please list all steps to reproduce the issue.

[alexventuraio]

Any proposal to fix it up?

[rrjohnson85]

Isn't this covered in the Wiki, https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284?

[alexventuraio]

@rrjohnson85 yeah I see that we need to use a new gem to fix that issue.
One more question, if I'm using omniauth-github is there a way I can fix the same issue but in that gem?
Since the GitHub strategy gem is using omniauth gem I think that's way I get the same vulnerability issue :( .

Thanks in advance!

[BobbyMcWho]

Duplicate of #960