Lucene search
GoogleOSV:GHSA-VV4C-G6Q7-P3Q7HistoryMar 25, 2019 - 4:15 p.m.
Doorkeeper-openid_connect contains Open Redirect
2019-03-2516:15:54
Google
osv.dev
6
EPSS
0.001
Percentile
41.8%
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the ‘openid’ scope and a prompt=none value. This allows phishing attacks against the authorization flow.
Related
cvelist
cvelist
CVE-2019-9837
2019-03-15 23:00:00
ubuntucve
ubuntucve
CVE-2019-9837
2019-03-21 00:00:00
nvd
nvd
CVE-2019-9837
2019-03-21 16:01:17
osv
osv
CVE-2019-9837
2019-03-21 16:01:17
rubygems
rubygems
Doorkeeper::OpenidConnect Open Redirect
2019-03-24 21:00:00
veracode
veracode
Open Redirect
2019-03-22 05:00:19
prion
prion
Design/Logic Flaw
2019-03-21 16:01:00
github
github
Doorkeeper-openid_connect contains Open Redirect
2019-03-25 16:15:54
cve
cve
CVE-2019-9837
2019-03-21 16:01:17
debiancve
debiancve
CVE-2019-9837
2019-03-21 16:01:17