pkg:gem/devise
Type
gem
Name
devise
Known advisories, vulnerabilities and fixes for devise package.
- Repository
- https://rubygems.org/gems/devise
Critical
1
High
1
Medium
2
None
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 3.0.1 | RUBYSEC:DEVISE-114435 | CSRF token fixation attacks in Devise |
2013-08-02T00:00:00
(11 years ago) |
|||
Fixed | = 2.2.5 >= 3.0.1 | RUBYSEC:DEVISE-114435 | CSRF token fixation attacks in Devise |
2013-08-02T00:00:00
(11 years ago) |
|||
Affected | < 2.2.3 |
CVE-2013-0233
|
RUBYSEC:DEVISE-2013-0233 | Devise Database Type Conversion Crafted Request Parsing Security Bypass | medium |
2013-01-28T00:00:00
(11 years ago) |
|
Fixed | = 1.5.4 = 2.0.5 = 2.1.3 >= 2.2.3 |
CVE-2013-0233
|
RUBYSEC:DEVISE-2013-0233 | Devise Database Type Conversion Crafted Request Parsing Security Bypass | medium |
2013-01-28T00:00:00
(11 years ago) |
|
Affected | < 3.5.4 |
CVE-2015-8314
|
RUBYSEC:DEVISE-2015-8314 | Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie | high |
2016-01-18T00:00:00
(8 years ago) |
|
Fixed | >= 3.5.4 |
CVE-2015-8314
|
RUBYSEC:DEVISE-2015-8314 | Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie | high |
2016-01-18T00:00:00
(8 years ago) |
|
Affected | < 4.7.1 |
CVE-2019-16109
|
RUBYSEC:DEVISE-2019-16109 | Devise Gem for Ruby confirmation token validation with a blank string | medium |
2019-09-08T00:00:00
(5 years ago) |
|
Fixed | >= 4.7.1 |
CVE-2019-16109
|
RUBYSEC:DEVISE-2019-16109 | Devise Gem for Ruby confirmation token validation with a blank string | medium |
2019-09-08T00:00:00
(5 years ago) |
|
Affected | < 4.6.0 |
CVE-2019-5421
|
RUBYSEC:DEVISE-2019-5421 | Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module | critical |
2019-02-07T00:00:00
(5 years ago) |
|
Fixed | >= 4.6.0 |
CVE-2019-5421
|
RUBYSEC:DEVISE-2019-5421 | Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module | critical |
2019-02-07T00:00:00
(5 years ago) |