The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2017-0157 | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. |
![]() |
GHSA-3m6r-39p3-jq25 | Doorkeeper is vulnerable to replay attacks |
![]() |
USN-7394-1 | Doorkeeper vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T01:36:28.287Z
Reserved: 2016-08-03T00:00:00
Link: CVE-2016-6582

No data.

Status : Deferred
Published: 2017-01-23T21:59:02.110
Modified: 2025-04-20T01:37:25.860
Link: CVE-2016-6582

No data.

No data.