Doorkeeper Project Doorkeeper — known CVE vulnerabilities
Every CVE whose affected-product data names Doorkeeper Project Doorkeeper, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2016-6582 — CVSS 9.1 (critical): The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging…
CVE-2018-1000211 — CVSS 7.5 (high): Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can…
CVE-2020-10187 — CVSS 7.5 (high): Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret…
CVE-2014-8144 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of…
CVE-2018-1000088 — CVSS 6.1 (medium): Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization…
CVE-2023-34246 — CVSS 4.2 (medium): Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization…