github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/bundler/testdata/happy/ruby-advisory-db/gems/CVE-2019-9837.yml

github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/bundler/testdata/happy/ruby-advisory-db/gems/CVE-2019-9837.yml (about)

     1  ---
     2  gem: doorkeeper-openid_connect
     3  cve: 2019-9837
     4  date: 2019-03-25
     5  url: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/master/CHANGELOG.md#v154-2019-02-15
     6  title: Doorkeeper::OpenidConnect Open Redirect
     7  description: Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper)
     8    1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in
     9    an OAuth authorization request (that results in an error response) with the 'openid'
    10    scope and a prompt=none value. This allows phishing attacks against the authorization
    11    flow.
    12  cvss_v3: 6.1
    13  patched_versions:
    14    - ">= 1.5.4"
    15  unaffected_versions:
    16    - "< 1.4.0"