GHSA-5p9f-55j8-922m

Source

https://github.com/advisories/GHSA-5p9f-55j8-922m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-5p9f-55j8-922m/GHSA-5p9f-55j8-922m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5p9f-55j8-922m

Withdrawn

2020-06-17T15:14:35Z

Published

2018-08-13T20:49:10Z

Modified

2024-12-02T05:44:17.815961Z

Summary

Moderate severity vulnerability that affects doorkeeper

Details

Withdrawn, accidental duplicate publish.

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

Database specific

{
    "nvd_published_at": null,
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [],
    "github_reviewed_at": "2020-06-17T15:14:35Z"
}

References

Affected packages

RubyGems / doorkeeper

Package

Name: doorkeeper
Purl: pkg:gem/doorkeeper

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

4.2.0

Affected versions

1.*

1.2.0

1.3.0

1.3.1

1.4.0

1.4.1

1.4.2

2.*

2.0.0.alpha1

2.0.0.rc2

2.0.0.rc3

2.0.0

2.0.1

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.2.0

2.2.1

2.2.2

3.*

3.0.0.rc1

3.0.0.rc2

3.0.0

3.0.1

3.1.0

4.*

4.0.0.rc1

4.0.0.rc2

4.0.0.rc3

4.0.0.rc4

4.0.0

4.1.0