The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
Advisories
Source ID Title
EUVD EUVD EUVD-2017-0157 The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
Github GHSA Github GHSA GHSA-3m6r-39p3-jq25 Doorkeeper is vulnerable to replay attacks
Ubuntu USN Ubuntu USN USN-7394-1 Doorkeeper vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-06T01:36:28.287Z

Reserved: 2016-08-03T00:00:00

Link: CVE-2016-6582

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-01-23T21:59:02.110

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-6582

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.