GHSA-3m6r-39p3-jq25

Source

https://github.com/advisories/GHSA-3m6r-39p3-jq25

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-3m6r-39p3-jq25/GHSA-3m6r-39p3-jq25.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3m6r-39p3-jq25

Aliases

CVE-2016-6582

Published

2017-10-24T18:33:35Z

Modified

2024-02-16T08:07:34.056523Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

Doorkeeper is vulnerable to replay attacks

Details

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-1254"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:55:30Z"
}

References

Affected packages

RubyGems / doorkeeper

Package

Name: doorkeeper
Purl: pkg:gem/doorkeeper

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.0

Affected versions

0.*

0.1.0

0.1.1

0.2.0

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.4.0

0.4.1

0.4.2

0.5.0.rc1

0.5.0

0.6.0.rc1

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

1.*

1.0.0.rc1

1.0.0.rc2

1.0.0

1.1.0

1.2.0

1.3.0

1.3.1

1.4.0

1.4.1

1.4.2

2.*

2.0.0.alpha1

2.0.0.rc2

2.0.0.rc3

2.0.0

2.0.1

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.2.0

2.2.1

2.2.2

3.*

3.0.0.rc1

3.0.0.rc2

3.0.0

3.0.1

3.1.0

4.*

4.0.0.rc1

4.0.0.rc2

4.0.0.rc3

4.0.0.rc4

4.0.0

4.1.0