VYPR

Doorkeeper

by Doorkeeper Project

gem: doorkeeper

CVEs (3)

  • CVE-2016-6582 | Critical | Jan 23, 2017
    risk 0.60 | cvss 9.1 | epss 0.05

    The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

  • CVE-2026-44476 | Jun 4, 2026
    risk 0.00 | cvss | epss 0.00

    Impact: The `DynamicClientRegistrationController#register` action hard-codes `confidential: false` when creating applications (dynamic_client_registration_controller.rb:18-25), yet the response includes a `client_secret` and advertises `token_endpoint_auth_methods_supported:…

  • CVE-2014-8144 | Dec 31, 2014
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.