CVE-2014-8144

Published December 31st, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.

doorkeeper-gem/doorkeeper

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.

GitHub

5.5K