CVE-2019-16109
CVE-2019-16109 affects Plataformatec Devise before 4.7.1. The flaw allows account confirmation when a request carries a blank confirmation_token and a database record has a blank token, though there is no scenario within Devise where such records would exist. Red Hat/NVDOSV/Nessus attest to the s...