CVE-2018-1000088

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000088

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000088.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000088

Aliases

GHSA-hwhh-2fwm-cfgw

Related

Published

2018-03-13T15:29:01Z

Modified

2025-05-28T10:12:25.321662Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.

References

Affected packages

Debian:11 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/doorkeeper-gem/doorkeeper

Affected ranges

Type: GIT
Repo: https://github.com/doorkeeper-gem/doorkeeper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

644d2ceb41411b9b320a6c8ee769762b37deba01

Fixed

644d2ceb41411b9b320a6c8ee769762b37deba01

Affected versions

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.3.2

v0.4.0

v0.5.0.rc1

v0.6.0

v0.6.0.rc1

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v1.*

v1.0.0

v1.0.0.rc1

v1.0.0.rc2

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v2.*

v2.0.0

v2.0.0.alpha1

v2.0.0.rc1

v2.0.0.rc2

v2.0.0.rc3

v2.0.1

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.2.0

v2.2.1

v3.*

v3.0.0

v3.0.0.rc1

v3.0.0.rc2

v3.0.1

v3.1.0

v4.*

v4.0.0

v4.0.0.rc1

v4.0.0.rc2

v4.0.0.rc3

v4.0.0.rc4

v4.1.0

v4.2.0

v4.2.5

v4.2.6