doorkeeper-openid_connect
RubyGems2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting doorkeeper-openid_connectpage 1 of 1
- CVE-2019-9837MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.5.42019-03-21
vulnerable: 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid…
- CVE-2026-44476MEDIUMCVSS 0.0EG 0.0✓ Fixed in 1.10.02026-06-04
vulnerable: 1.9.0
Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret ### Impact The `DynamicClientRegistrationController#register` action hard-codes `confidential: false` when creating applications (dy…
Check whether doorkeeper-openid_connect is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for doorkeeper-openid_connect CVEs against the assets you own.
Start Free Scan →