15 matches found
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
EUVD-2019-0664
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-16109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record...
GHSA-FCJW-8RHJ-GWWC Authentication Bypass in Devise
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
UBUNTU-CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
Cross site request forgery (csrf)
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
CVE-2019-16109 affects Plataformatec Devise before 4.7.1. The flaw allows account confirmation when a request carries a blank confirmation_token and a database record has a blank token, though there is no scenario within Devise where such records would exist. Red Hat/NVDOSV/Nessus attest to the s...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...