2 matches found
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
CVE-2019-16109 affects Plataformatec Devise before 4.7.1. The flaw allows account confirmation when a request carries a blank confirmation_token and a database record has a blank token, though there is no scenario within Devise where such records would exist. Red Hat/NVDOSV/Nessus attest to the s...