Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
PlataformatecDevise*

2 matches found

CVE
CVEadded 2019/09/08 8:15 p.m.131 views

CVE-2019-16109

An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records wo...

5.3CVSS5.1AI score0.00297EPSS
CVE
CVEadded 2019/04/03 3:29 p.m.71 views

CVE-2019-5421

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the #increment_failed_attempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests ...

9.8CVSS9.3AI score0.00229EPSS