Lucene search
RubySecRUBY:DEVISE-2013-0233-89642HistoryJan 27, 2013 - 8:00 p.m.
Devise Database Type Conversion Crafted Request Parsing Security Bypass
2013-01-2720:00:00
RubySec
nvd.nist.gov
9
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.098
Percentile
94.9%
Devise contains a flaw that is triggered during when a type conversion error
occurs during the parsing of a malformed request. With a specially crafted
request, a remote attacker can bypass security restrictions.
Affected configurations
Node
rubydeviseRange1.5.0–1.5.4
ORrubydeviseRange2.0.0–2.0.5
ORrubydeviseRange2.1.0–2.1.3
ORrubydeviseRange≤2.2.3
References
Related
cvelist
cvelist
CVE-2013-0233
2013-04-25 23:00:00
osv
osv
ubuntucve
ubuntucve
CVE-2013-0233
2013-04-25 00:00:00
prion
prion
Type confusion
2013-04-25 23:55:00
nvd
nvd
CVE-2013-0233
2013-04-25 23:55:01
cve
cve
CVE-2013-0233
2013-04-25 23:55:01
packetstorm
packetstorm
Ruby On Rails Devise Authentication Password Reset
2024-08-31 00:00:00
debiancve
debiancve
CVE-2013-0233
2013-04-25 23:55:01
metasploit
metasploit
Ruby on Rails Devise Authentication Password Reset
2013-02-11 03:10:00
nessus
nessus
openSUSE Security Update : rubygem-devise (openSUSE-SU-2013:0374-1)
2014-06-13 00:00:00
github
github
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.098
Percentile
94.9%
Related for RUBY:DEVISE-2013-0233-89642