DEBIAN-CVE-2016-6582

Source
https://security-tracker.debian.org/tracker/CVE-2016-6582
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-6582.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2016-6582
Upstream
Published
2017-01-23T21:59:02.110Z
Modified
2026-04-28T20:15:46.020098Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
[none]
Details

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

References

Affected packages

Debian:11 / ruby-doorkeeper

Package

Name
ruby-doorkeeper
Purl
pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-6582.json"

Debian:12 / ruby-doorkeeper

Package

Name
ruby-doorkeeper
Purl
pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-6582.json"

Debian:13 / ruby-doorkeeper

Package

Name
ruby-doorkeeper
Purl
pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-6582.json"

Debian:14 / ruby-doorkeeper

Package

Name
ruby-doorkeeper
Purl
pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-6582.json"