Source: ruby-doorkeeper Version: 4.2.0-1 Severity: grave Tags: security upstream Forwarded: https://github.com/doorkeeper-gem/doorkeeper/issues/891
Hi, The following vulnerability was published for ruby-doorkeeper. CVE-2018-1000211[0]: | Doorkeeper version 4.2.0 and later contains a Incorrect Access Control | vulnerability in Token revocation API's authorized method that can | result in Access tokens are not revoked for public OAuth apps, leaking | access until expiry. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1000211 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000211 [1] https://github.com/doorkeeper-gem/doorkeeper/issues/891 Regards, Salvatore
