blob: 93aa15934aa325281aa6ff8f0f233d01b8644ac1 [file] [log] [blame]
module: github.com/ory/fosite
versions:
- fixed: v0.34.0
description: |
Due to improper error handling, an error with the underlying token storage may cause a user
to believe a token has been successfully revoked when it is in fact still valid. An attackers
ability to exploit this relies on an ability to trigger errors in the underlying storage.
published: 2021-07-28T18:08:05Z
cves:
- CVE-2020-15223
ghsas:
- GHSA-7mqr-2v3q-v2wm
symbols:
- TokenRevocationHandler.RevokeToken
links:
commit: https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319
context:
- https://github.com/advisories/GHSA-7mqr-2v3q-v2wm