Lucene search
GoogleOSV:CVE-2019-9837HistoryMar 21, 2019 - 4:01 p.m.
CVE-2019-9837
2019-03-2116:01:17
Google
osv.dev
2
EPSS
0.001
Percentile
41.8%
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the ‘openid’ scope and a prompt=none value. This allows phishing attacks against the authorization flow.
Related
cvelist
cvelist
CVE-2019-9837
2019-03-15 23:00:00
ubuntucve
ubuntucve
CVE-2019-9837
2019-03-21 00:00:00
osv
osv
Doorkeeper-openid_connect contains Open Redirect
2019-03-25 16:15:54
nvd
nvd
CVE-2019-9837
2019-03-21 16:01:17
rubygems
rubygems
Doorkeeper::OpenidConnect Open Redirect
2019-03-24 21:00:00
veracode
veracode
Open Redirect
2019-03-22 05:00:19
prion
prion
Design/Logic Flaw
2019-03-21 16:01:00
github
github
Doorkeeper-openid_connect contains Open Redirect
2019-03-25 16:15:54
cve
cve
CVE-2019-9837
2019-03-21 16:01:17
debiancve
debiancve
CVE-2019-9837
2019-03-21 16:01:17