CVE-2020-15223
Improper handling of token revocation in github.com/ory/fosite
CVSS 3.1: 8.0 (HIGH)
EPSS: 0.47%
Description
Due to improper error handling, an error with the underlying token storage may cause a user to believe a token has been successfully revoked when it is in fact still valid. An attacker's ability to exploit this relies on an ability to trigger errors in the underlying storage.
How to fix CVE-2020-15223
To remediate CVE-2020-15223, upgrade the affected package to a fixed version below.
- —upgrade to 0.34.0 or later
- —upgrade to 0.34.0 or later
Is CVE-2020-15223 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.34.0
- from 0, < 0.34.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |