15 matches found
Devise Has A Confirmable "change Email" Race Condition Permits User To Confirm Email They Have No Access To
Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the "reconfirmable" option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...
SUSE CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
Linux Distros Unpatched Vulnerability : CVE-2026-32700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to...
DEBIAN-CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
UBUNTU-CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700
Devise (Rails) prior to v5.0.3 has a race condition in the Confirmable module used with reconfirmable, allowing an attacker to confirm a victim’s email by issuing two concurrent email-change requests. This desynchronizes confirmation_token and unconfirmed_email; the attacker controls the token’s ...
GHSA-57HQ-95W6-V4FC Devise has a confirmable "change email" race condition permits user to confirm email they have no access to
Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...
Race Condition
Overview devise is a flexible authentication solution for Rails with Warden. Affected versions of this package are vulnerable to Race Condition in the Confirmable module, when the reconfirmable option is enabled which it is by default. An attacker can confirm an email address they don't own by...
Devise has a confirmable "change email" race condition permits user to confirm email they have no access to
Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...
PT-2026-25981
Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...