Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/doorkeeper@5.2
purl pkg:gem/doorkeeper@5.2
Tags Ghost
Next non-vulnerable version 5.6.6
Latest non-vulnerable version 5.6.6
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-kkj7-z9k5-5qe2
Aliases:
CVE-2020-10187
GHSA-j7vx-8mqj-cqp9
Doorkeeper application secret information disclosure vulnerability Information disclosure vulnerability. Allows an attacker to see all Doorkeeper::Application model attribute values (including secrets) after authorizing an application to their user. An application is vulnerable if the authorized applications controller is enabled (GET /oauth/authorized_applications.json). Recommended additional hardening for >= 5.1 is to enable application secrets hashing. This would render the exposed secret useless.
5.2.5
Affected by 1 other vulnerability.
5.3.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T16:14:44.257430+00:00 Ruby Importer Affected by VCID-kkj7-z9k5-5qe2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2020-10187.yml 38.6.0