pkg:gem/devise

Type gem
Name devise

Known advisories, vulnerabilities and fixes for devise package.

Repository
https://rubygems.org/gems/devise
Critical 1
High 1
Medium 2
None 1
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 3.0.1 | | | rubysec RUBYSEC:DEVISE-114435 | CSRF token fixation attacks in Devise | | 2013-08-02T00:00:00 (11 years ago) |
| Fixed | = 2.2.5 >= 3.0.1 | | | rubysec RUBYSEC:DEVISE-114435 | CSRF token fixation attacks in Devise | | 2013-08-02T00:00:00 (11 years ago) |
| Affected | < 2.2.3 | | CVE-2013-0233 | rubysec RUBYSEC:DEVISE-2013-0233 | Devise Database Type Conversion Crafted Request Parsing Security Bypass | medium | 2013-01-28T00:00:00 (11 years ago) |
| Fixed | = 1.5.4 = 2.0.5 = 2.1.3 >= 2.2.3 | | CVE-2013-0233 | rubysec RUBYSEC:DEVISE-2013-0233 | Devise Database Type Conversion Crafted Request Parsing Security Bypass | medium | 2013-01-28T00:00:00 (11 years ago) |
| Affected | < 3.5.4 | | CVE-2015-8314 | rubysec RUBYSEC:DEVISE-2015-8314 | Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie | high | 2016-01-18T00:00:00 (8 years ago) |
| Fixed | >= 3.5.4 | | CVE-2015-8314 | rubysec RUBYSEC:DEVISE-2015-8314 | Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie | high | 2016-01-18T00:00:00 (8 years ago) |
| Affected | < 4.7.1 | | CVE-2019-16109 | rubysec RUBYSEC:DEVISE-2019-16109 | Devise Gem for Ruby confirmation token validation with a blank string | medium | 2019-09-08T00:00:00 (5 years ago) |
| Fixed | >= 4.7.1 | | CVE-2019-16109 | rubysec RUBYSEC:DEVISE-2019-16109 | Devise Gem for Ruby confirmation token validation with a blank string | medium | 2019-09-08T00:00:00 (5 years ago) |
| Affected | < 4.6.0 | | CVE-2019-5421 | rubysec RUBYSEC:DEVISE-2019-5421 | Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module | critical | 2019-02-07T00:00:00 (5 years ago) |
| Fixed | >= 4.6.0 | | CVE-2019-5421 | rubysec RUBYSEC:DEVISE-2019-5421 | Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module | critical | 2019-02-07T00:00:00 (5 years ago) |