CVE-2014-8144
EPSS 0.13%Doorkeeper vulnerable to Cross-site Request Forgery
Published: 9/17/2018Modified: 4/14/2025
Also known as:GHSA-685w-vc84-wxcx
Description
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.
Affected packages (1)
- RubyGems/doorkeeperfrom 0, < 1.4.1