Skip to content

Doorkeeper contains Cross-site Request Forgery

Moderate severity GitHub Reviewed Published Sep 17, 2018 to the GitHub Advisory Database • Updated Nov 7, 2023

Package

bundler doorkeeper (RubyGems)

Affected versions

< 1.4.1

Patched versions

1.4.1

Description

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.

References

Published by the National Vulnerability Database Dec 31, 2014
Published to the GitHub Advisory Database Sep 17, 2018
Reviewed Jun 16, 2020
Last updated Nov 7, 2023

Severity

Moderate

EPSS score

0.159%
(53rd percentile)

Weaknesses

CVE ID

CVE-2014-8144

GHSA ID

GHSA-685w-vc84-wxcx

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.