Download
| Alert*
|
oval:org.secpod.oval:def:603682
ruby-doorkeeper is installed oval:org.secpod.oval:def:2001425 Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting vulnerability in web view"s OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client"s name will cause users interacting with it will execute payload. This attack appear to be exploita ... oval:org.secpod.oval:def:2000842 Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API"s authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. oval:org.secpod.oval:def:708289 ruby-doorkeeper: OAuth 2 provider for Rails and Grape Doorkeeper could be made to expose sensitive information over the network. |
