CVE-2016-6582

NameCVE-2016-6582
DescriptionThe Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs834843

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-doorkeeper (PTS)bullseye5.3.0-2fixed
bullseye (security)5.3.0-2+deb11u1fixed
bookworm5.5.0-2+deb12u1fixed
forky, sid, trixie5.6.6-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby-doorkeepersource(unstable)4.2.0-3834843

Notes

https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
https://github.com/doorkeeper-gem/doorkeeper/issues/875
Search for package or bug name: Reporting problems