Vendor: Doorkeeper Project
Products: 1
CVEs: 3
Across products: 3
Status: Private
Products (1)
- Doorkeeper, 3 CVEs, gem
Recent CVEs (3)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6582 | | Cri | 0.60 | 9.1 | 0.05 | | Jan 23, 2017 | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. |
| CVE-2026-44476 | | | 0.00 | — | 0.00 | | Jun 4, 2026 | Impact: The `DynamicClientRegistrationController#register` action hard-codes `confidential: false` when creating applications (dynamic_client_registration_controller.rb:18-25), yet the response includes a client_secret and advertises `token_endpoint_auth_methods_supported:… |
| CVE-2014-8144 | | | 0.00 | — | 0.01 | | Dec 31, 2014 | Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors. |