GHSA-685w-vc84-wxcx

Source

https://github.com/advisories/GHSA-685w-vc84-wxcx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-685w-vc84-wxcx/GHSA-685w-vc84-wxcx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-685w-vc84-wxcx

Aliases

CVE-2014-8144

Published

2018-09-17T21:55:22Z

Modified

2024-12-06T05:39:50.713850Z

Summary

Doorkeeper contains Cross-site Request Forgery

Details

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.

Database specific

{
    "nvd_published_at": "2014-12-31T22:59:02Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:18:25Z"
}

References

Affected packages

RubyGems / doorkeeper

Package

Name: doorkeeper
Purl: pkg:gem/doorkeeper

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1

Affected versions

0.*

0.1.0

0.1.1

0.2.0

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.4.0

0.4.1

0.4.2

0.5.0.rc1

0.5.0

0.6.0.rc1

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

1.*

1.0.0.rc1

1.0.0.rc2

1.0.0

1.1.0

1.2.0

1.3.0

1.3.1

1.4.0