Description
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
References
- Third Party Advisory, VDB Entry
- Mailing List, Patch, Third Party Advisory
- Third Party Advisory, VDB Entry
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Patch, Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 4.1.0 (inclusive)
cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*
EPSS: 0.01593 (Low), percentile: 81%
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-254
Related vulnerabilities
CVSS3: 9.1
ubuntu
about 9 years ago
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
CVSS3: 9.1
debian
about 9 years ago
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers ...