blob: d7cd77d706f9e1927e88d7db8297d78bcc847e42 [file] [log] [blame]
id: GO-2021-0109
modules:
- module: github.com/ory/fosite
versions:
- fixed: 0.34.0
vulnerable_at: 0.33.0
packages:
- package: github.com/ory/fosite/handler/oauth2
symbols:
- TokenRevocationHandler.RevokeToken
summary: Improper handling of token revocation in github.com/ory/fosite
description: |-
Due to improper error handling, an error with the underlying token storage may
cause a user to believe a token has been successfully revoked when it is in fact
still valid. An attackers ability to exploit this relies on an ability to
trigger errors in the underlying storage.
published: 2021-07-28T18:08:05Z
cves:
- CVE-2020-15223
ghsas:
- GHSA-7mqr-2v3q-v2wm
references:
- fix: https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319
review_status: REVIEWED