Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie

Type deb

Namespace debian

Name ruby-doorkeeper

Version 5.9.0-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-bss3-b2mz-gyg6

vulnerability_id VCID-bss3-b2mz-gyg6

summary

Doorkeeper Improper Authentication vulnerability
OAuth RFC 8252 says  https://www.rfc-editor.org/rfc/rfc8252#section-8.6

> the authorization server SHOULD NOT process authorization requests automatically without user consent or interaction, except when the identity of the client can be assured. **This includes the case where the user has previously approved an authorization request for a given client id**

But Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured.

Issue https://github.com/doorkeeper-gem/doorkeeper/issues/1589

Fix https://github.com/doorkeeper-gem/doorkeeper/pull/1646

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34246

reference_id

reference_type

scores

value	0.00312
scoring_system	epss
scoring_elements	0.54755
published_at	2026-06-05T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54759
published_at	2026-06-07T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54766
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34246

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34246
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34246

reference_url

https://github.com/doorkeeper-gem/doorkeeper

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper

reference_url

https://github.com/doorkeeper-gem/doorkeeper/issues/1589

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T23:12:01Z/

url

https://github.com/doorkeeper-gem/doorkeeper/issues/1589

reference_url

https://github.com/doorkeeper-gem/doorkeeper/pull/1646

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T23:12:01Z/

url

https://github.com/doorkeeper-gem/doorkeeper/pull/1646

reference_url

https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T23:12:01Z/

url

https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00016.html

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T23:12:01Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00016.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00010.html

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00010.html

reference_url

https://www.rfc-editor.org/rfc/rfc8252#section-8.6

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T23:12:01Z/

url

https://www.rfc-editor.org/rfc/rfc8252#section-8.6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038950
reference_id	1038950
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038950

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34246

reference_id

CVE-2023-34246

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34246

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2023-34246.yml

reference_id

CVE-2023-34246.YML

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2023-34246.yml

reference_url

https://github.com/advisories/GHSA-7w2c-w47h-789w

reference_id

GHSA-7w2c-w47h-789w

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7w2c-w47h-789w

reference_url

https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w

reference_id

GHSA-7w2c-w47h-789w

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T23:12:01Z/

url

https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w

reference_url	https://usn.ubuntu.com/6210-1/
reference_id	USN-6210-1
reference_type
scores
url	https://usn.ubuntu.com/6210-1/

fixed_packages

url	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.3.0-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.3.0-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.3.0-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.5.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.6.6-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.9.0-1%3Fdistro=trixie

aliases CVE-2023-34246, GHSA-7w2c-w47h-789w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bss3-b2mz-gyg6

url VCID-jqsd-ye8h-hfd1

vulnerability_id VCID-jqsd-ye8h-hfd1

summary

Incorrect Permission Assignment for Critical Resource
Doorkeeper contains a vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000211

reference_id

reference_type

scores

value	0.00265
scoring_system	epss
scoring_elements	0.50192
published_at	2026-06-04T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50242
published_at	2026-06-07T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50261
published_at	2026-06-06T12:55:00Z

value	0.00265
scoring_system	epss
scoring_elements	0.50253
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000211

reference_url

https://blog.justinbull.ca/cve-2018-1000211-public-apps-cant-revoke-tokens-in-doorkeeper/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://blog.justinbull.ca/cve-2018-1000211-public-apps-cant-revoke-tokens-in-doorkeeper/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000211

reference_url

https://github.com/advisories/GHSA-694m-jhr9-pf77

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-694m-jhr9-pf77

reference_url

https://github.com/doorkeeper-gem/doorkeeper

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper

reference_url

https://github.com/doorkeeper-gem/doorkeeper/issues/891

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/issues/891

reference_url

https://github.com/doorkeeper-gem/doorkeeper/pull/1119

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/pull/1119

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903980
reference_id	903980
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903980

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000211

reference_id

CVE-2018-1000211

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000211

fixed_packages

url	pkg:deb/debian/ruby-doorkeeper@4.4.2-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@4.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@4.4.2-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.5.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.6.6-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.9.0-1%3Fdistro=trixie

aliases CVE-2018-1000211, GHSA-694m-jhr9-pf77

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqsd-ye8h-hfd1

url VCID-kkj7-z9k5-5qe2

vulnerability_id VCID-kkj7-z9k5-5qe2

summary

Doorkeeper application secret information disclosure vulnerability
Information disclosure vulnerability. Allows an attacker to see all
Doorkeeper::Application model attribute values (including secrets) after
authorizing an application to their user.

An application is vulnerable if the authorized applications controller is
enabled (GET /oauth/authorized_applications.json).

Recommended additional hardening for >= 5.1 is to enable application secrets
hashing. This would render the exposed secret useless.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10187

reference_id

reference_type

scores

value	0.00425
scoring_system	epss
scoring_elements	0.62599
published_at	2026-06-05T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62597
published_at	2026-06-07T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62608
published_at	2026-06-06T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62554
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10187

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10187

reference_url

https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6

reference_url

https://github.com/doorkeeper-gem/doorkeeper/releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/releases

reference_url

https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2020-10187.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2020-10187.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/pull/446

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/pull/446

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959903
reference_id	959903
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959903

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10187

reference_id

CVE-2020-10187

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10187

reference_url

https://github.com/advisories/GHSA-j7vx-8mqj-cqp9

reference_id

GHSA-j7vx-8mqj-cqp9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j7vx-8mqj-cqp9

fixed_packages

url	pkg:deb/debian/ruby-doorkeeper@5.0.3-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.0.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.0.3-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.5.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.6.6-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.9.0-1%3Fdistro=trixie

aliases CVE-2020-10187, GHSA-j7vx-8mqj-cqp9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkj7-z9k5-5qe2

url VCID-vfr9-mu8k-rbg5

vulnerability_id VCID-vfr9-mu8k-rbg5

summary

XSS on authorization consent view
Stored XSS on the OAuth Client's name will cause users being prompted for consent via the `implicit` grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link for the malicious OAuth client. Because of how the links work, a user cannot tell if a link is malicious or not without first visiting the page with the XSS payload. In addition, there is stored XSS in the `native_redirect_uri` form element.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000088

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.38497
published_at	2026-06-04T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.3856
published_at	2026-06-07T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38588
published_at	2026-06-06T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38585
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000088

reference_url

https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000088

reference_url

https://github.com/doorkeeper-gem/doorkeeper

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper

reference_url

https://github.com/doorkeeper-gem/doorkeeper/commit/7b1a8373ecd69768c896000c7971dbf48948c1b5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/commit/7b1a8373ecd69768c896000c7971dbf48948c1b5

reference_url

https://github.com/doorkeeper-gem/doorkeeper/issues/969

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/issues/969

reference_url

https://github.com/doorkeeper-gem/doorkeeper/pull/970

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/pull/970

reference_url

https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2018-1000088.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2018-1000088.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/pull/328/files

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/pull/328/files

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000088

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000088

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891069
reference_id	891069
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891069

reference_url

https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper/

reference_id

CVE-2018-1000088-STORED-XSS-IN-DOORKEEPER

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements

url

https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper/

reference_url

https://github.com/advisories/GHSA-hwhh-2fwm-cfgw

reference_id

GHSA-hwhh-2fwm-cfgw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hwhh-2fwm-cfgw

reference_url	https://usn.ubuntu.com/7394-1/
reference_id	USN-7394-1
reference_type
scores
url	https://usn.ubuntu.com/7394-1/

fixed_packages

url	pkg:deb/debian/ruby-doorkeeper@4.3.1-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@4.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@4.3.1-1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.5.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.6.6-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.9.0-1%3Fdistro=trixie

aliases CVE-2018-1000088, GHSA-hwhh-2fwm-cfgw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfr9-mu8k-rbg5

url VCID-xa34-b97y-tye5

vulnerability_id VCID-xa34-b97y-tye5

summary

Broken token revocation, wrong auth/auth method
Doorkeeper failed to implement OAuth Token Revocation (RFC ) in the following ways: Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked Requests were not properly authenticating the *client credentials* but were, instead, looking at the access token in a second location Because of 2, the requests were also not authorizing confidential clients' ability to revoke a given token. It should only revoke tokens that belong to it. The security implication is: OAuth clients who "log out" a user expect to have the corresponding access & refresh tokens revoked, preventing an attacker who may have already hijacked the session from continuing to impersonate the victim. Because of the bug described above, this is not the case. As far as OWASP is concerned, this counts as broken authentication design. MITRE has assigned CVE-2016-6582 due to the security issues raised. An attacker, thanks to 1, can replay a hijacked session after a victim logs out/revokes their token. Additionally, thanks to 2 & 3, an attacker via a compromised confidential client could "grief" other clients by revoking their tokens (albeit this is an exceptionally narrow attack with little value).

references

reference_url

http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6582

reference_id

reference_type

scores

value	0.00988
scoring_system	epss
scoring_elements	0.77238
published_at	2026-06-06T12:55:00Z

value	0.00988
scoring_system	epss
scoring_elements	0.77196
published_at	2026-06-04T12:55:00Z

value	0.00988
scoring_system	epss
scoring_elements	0.77228
published_at	2026-06-05T12:55:00Z

value	0.00988
scoring_system	epss
scoring_elements	0.77226
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6582

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6582
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6582

reference_url

http://seclists.org/fulldisclosure/2016/Aug/105

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2016/Aug/105

reference_url

https://github.com/advisories/GHSA-3m6r-39p3-jq25

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3m6r-39p3-jq25

reference_url

https://github.com/doorkeeper-gem/doorkeeper

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper

reference_url	https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
reference_id
reference_type
scores
url	https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53

reference_url

https://github.com/doorkeeper-gem/doorkeeper/issues/875

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/issues/875

reference_url

https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2016-6582.yml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2016-6582.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6582

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6582

reference_url

https://web.archive.org/web/20170214021758/http://www.securityfocus.com/bid/92551

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170214021758/http://www.securityfocus.com/bid/92551

reference_url

https://web.archive.org/web/20201207202519/http://www.securityfocus.com/archive/1/539268/100/0/threaded

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207202519/http://www.securityfocus.com/archive/1/539268/100/0/threaded

reference_url

http://www.openwall.com/lists/oss-security/2016/08/19/2

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/19/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834843
reference_id	834843
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834843

reference_url	https://usn.ubuntu.com/7394-1/
reference_id	USN-7394-1
reference_type
scores
url	https://usn.ubuntu.com/7394-1/

fixed_packages

url	pkg:deb/debian/ruby-doorkeeper@4.2.0-3?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@4.2.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@4.2.0-3%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.5.0-2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.5.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.6.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.6.6-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
purl	pkg:deb/debian/ruby-doorkeeper@5.9.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.9.0-1%3Fdistro=trixie

aliases CVE-2016-6582, GHSA-3m6r-39p3-jq25

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa34-b97y-tye5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-doorkeeper@5.9.0-1%3Fdistro=trixie

Package Instance