CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
CVE-2013-0233
CVE-2013-0233 concerns the Devise gem for Ruby. Affected versions (2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4) may mishandle type conversion during database queries when used with certain databases, potentially allowing remote attackers to obtain incorrect ...
Ruby on Rails Devise Authentication Password Reset
The Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to Rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of arbitrary accounts, knowing only the...
Devise Database Type Conversion Crafted Request Parsing Security Bypass
Devise contains a flaw that is triggered when a type conversion error occurs during the parsing of a malformed request. With a specially crafted request, a remote attacker can bypass security restrictions...