plataformatec devise 2.0.2

CPE Details

plataformatec devise 2.0.2
plataformatec
devise
2.0.2
2013-04-26
12h20 +00:00
2013-04-30
23h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:plataformatec:devise:2.0.2:*:*:*:*:*:*:*

Informations

Vendor

plataformatec

Product

devise

Version

2.0.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-16109 2019-09-08 17h57 +00:00 An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.)
5.3
Medium
CVE-2019-5421 2019-04-03 12h21 +00:00 Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later.
9.8
Critical
CVE-2013-0233 2013-04-25 23h00 +00:00 Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
6.8