doorkeeper vulnerabilities

Doorkeeper is an OAuth 2 provider for Rails and Grape.

Latest version: 5.2.0.rc1

Licenses detected

  • license: Unknown < 0.7.1, >= 0.1.0
  • license: MIT >= 0.7.1
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the doorkeeper package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • H
Insufficient Token Expiration
>=4.2.0, <4.4.0,=5.0.0.rc1 Not available 19 Jul, 2018
  • M
Cross-site Scripting (XSS)
<4.2.6 Not available 21 Feb, 2018
  • H
Incorrect Authentication Implementation
< 4.2.0, >= 1.2.0 Not available 17 Aug, 2016
  • L
Sensitive Information Exposure
< 2.1.2, >= 1.5,< 1.4.2 Not available 09 Feb, 2015
  • M
Cross-site request forgery (CSRF)
< 2.0.0, >= 1.5,< 1.4.1 Not available 17 Dec, 2014