CVE-2019-16109
- EPSS 0.3%
- Veröffentlicht 08.09.2019 20:15:10
- Zuletzt bearbeitet 21.11.2024 04:30:03
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario withi...
CVE-2019-5421
- EPSS 0.23%
- Veröffentlicht 03.04.2019 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:44:54
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockabl...
CVE-2013-0233
- EPSS 68.82%
- Veröffentlicht 25.04.2013 23:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to ca...