Vulnerability category: Local
Vulnerability severity:
Vulnerability information
RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries, a tool designed to easily manage the installation of gems, and a server for distributing them.
The Doorkeeper gem fails to revoke tokens and uses the wrong authentication method, allowing a security bypass.
Affected Versions:
Doorkeeper RubyGem versions 1.2.0 through 4.1
Impact
Successful exploitation allows remote attackers to hijack and impersonate a targeted user.
Solution
Customers are advised to install RubyGem Doorkeeper 4.2.0 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: