CVE-2018-1000211

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API’s authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 1,198,491 bad guys.