CRITICAL
Doorkeeper Project
CVE published 2017-01-23
CVE-2016-6582
CVE-2016-6582 affects the Doorkeeper gem for Ruby and is rated Critical (CVSS 9.1). The issue is described as a failure to fully implement the OAuth 2.0 Token Revocation specification, which may let a remote attacker conduct replay attacks or revoke arbitrary tokens. The vulnerable range is identified in NVD as Doorkeeper versions up to 4.1.0, with the vendor patch reference pointing to release v4.2.0. Pu [truncated]