ADVISORIES

• OSVDB-118830
• Vendor Advisory

GEM

doorkeeper

PATCHED VERSIONS

• ~> 1.4.2
• >= 2.1.2

DESCRIPTION

Doorkeeper Gem for Ruby contains a flaw in lib/doorkeeper/engine.rb. The issue is due to the program storing sensitive information in production logs. This may allow a local attacker to gain access to sensitive information.

RELATED

• https://www.versioneye.com/Ruby/doorkeeper/2.1.1
• https://github.com/doorkeeper-gem/doorkeeper/commit/d6bca5f32b741b8cee83a4aeb818338b919181fe
• https://github.com/doorkeeper-gem/doorkeeper/blob/main/lib/doorkeeper/engine.rb
• https://github.com/doorkeeper-gem/doorkeeper/issues/576
• https://github.com/rubysec/ruby-advisory-db/pull/128
• https://my.diffend.io/gems/doorkeeper/versions/0.3.0
• https://security.snyk.io/vuln/SNYK-RUBY-DOORKEEPER-20206
• https://www.mend.io/vulnerability-database/WS-2015-0039
• http://www.osvdb.org/show/osvdb/118830