Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-doorkeeper@4.2.0-3?distro=trixie
Type deb
Namespace debian
Name ruby-doorkeeper
Version 4.2.0-3
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.3.1-1
Latest_non_vulnerable_version 5.9.0-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-xa34-b97y-tye5
vulnerability_id VCID-xa34-b97y-tye5
summary
Broken token revocation, wrong auth/auth method
Doorkeeper failed to implement OAuth Token Revocation (RFC ) in the following ways:
1. Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked.
2. Requests were not properly authenticating the *client credentials* but were, instead, looking at the access token in a second location.
3. Because of 2, the requests were also not authorizing confidential clients' ability to revoke a given token. It should only revoke tokens that belong to it.
The security implication is: OAuth clients who "log out" a user expect to have the corresponding access & refresh tokens revoked, preventing an attacker who may have already hijacked the session from continuing to impersonate the victim. Because of the bug described above, this is not the case. As far as OWASP is concerned, this counts as broken authentication design. MITRE has assigned CVE-2016-6582 due to the security issues raised.
An attacker, thanks to 1, can replay a hijacked session after a victim logs out/revokes their token. Additionally, thanks to 2 & 3, an attacker via a compromised confidential client could "grief" other clients by revoking their tokens (albeit this is an exceptionally narrow attack with little value).
references
0
reference_url http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6582
reference_id
reference_type
scores
0
value 0.00988
scoring_system epss
scoring_elements 0.77228
published_at 2026-06-05T12:55:00Z
1
value 0.00988
scoring_system epss
scoring_elements 0.77217
published_at 2026-06-08T12:55:00Z
2
value 0.00988
scoring_system epss
scoring_elements 0.77196
published_at 2026-06-04T12:55:00Z
3
value 0.00988
scoring_system epss
scoring_elements 0.77238
published_at 2026-06-06T12:55:00Z
4
value 0.00988
scoring_system epss
scoring_elements 0.77226
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6582
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6582
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6582
3
reference_url http://seclists.org/fulldisclosure/2016/Aug/105
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Aug/105
4
reference_url https://github.com/advisories/GHSA-3m6r-39p3-jq25
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3m6r-39p3-jq25
5
reference_url https://github.com/doorkeeper-gem/doorkeeper
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/doorkeeper-gem/doorkeeper
6
reference_url https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
reference_id
reference_type
scores
url https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
7
reference_url https://github.com/doorkeeper-gem/doorkeeper/issues/875
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/doorkeeper-gem/doorkeeper/issues/875
8
reference_url https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2016-6582.yml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2016-6582.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6582
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6582
11
reference_url https://web.archive.org/web/20170214021758/http://www.securityfocus.com/bid/92551
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170214021758/http://www.securityfocus.com/bid/92551
12
reference_url https://web.archive.org/web/20201207202519/http://www.securityfocus.com/archive/1/539268/100/0/threaded
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207202519/http://www.securityfocus.com/archive/1/539268/100/0/threaded
13
reference_url http://www.openwall.com/lists/oss-security/2016/08/19/2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/08/19/2
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834843
reference_id 834843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834843
15
reference_url https://usn.ubuntu.com/7394-1/
reference_id USN-7394-1
reference_type
scores
url https://usn.ubuntu.com/7394-1/
fixed_packages
0
url pkg:deb/debian/ruby-doorkeeper@4.2.0-3?distro=trixie
purl pkg:deb/debian/ruby-doorkeeper@4.2.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@4.2.0-3%3Fdistro=trixie
1
url pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
purl pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.3.0-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.5.0-2%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
purl pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.6.6-2%3Fdistro=trixie
4
url pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
purl pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.9.0-1%3Fdistro=trixie
aliases CVE-2016-6582, GHSA-3m6r-39p3-jq25
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa34-b97y-tye5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@4.2.0-3%3Fdistro=trixie