CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
CVE-2015-8314
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...
DEBIAN-CVE-2015-8314
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...
Design/Logic Flaw
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...
CVE-2015-8314
CVE-2015-8314 affects the Devise gem for Ruby prior to 3.5.4, where the Remember Me cookie handling is flawed. This flaw may allow an attacker to obtain unauthorized persistent access to an application by leveraging the compromised cookie. The issue is reported across multiple sources (Red Hat, D...
GHSA-746G-3GFP-HFHW Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
Devise version before 3.5.4 uses cookies to implement a "Remember me" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the...
CVE-2021-41274
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devi...
CVE-2021-41274 Authentication Bypass by CSRF Weakness
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devi...
CVE-2021-41274
The CVE-2021-41274 entry concerns solidus_auth_devise, which provides authentication for Solidus via the Devise gem. A CSRF weakness allows account takeover when protect_from_forgery is executed before the :load_object hook in Spree::UserController, for configurations using :null_session or :rese...
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Devise ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to increment_failed_attempts within the Devise::Models::Lockable class not being concurrency safe...
Devise does not properly perform type conversion when performing database queries
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Devise version before 3.5.4 uses cookies to implement a "Remember me" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the...
DEBIAN-CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...