CVE-2023-48220
Summary: CVE-2023-48220 affects Decidim and its related gems, via the devise_invitable integration. The issue permits an invited user to accept the invitation indefinitely through the password-reset flow because the code only checks that a user has been invited, not that the invitation is still w...
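
The missing check described in the summary, as an added Ruby example that is not Decidim or devise_invitable code: a simplified password-reset handler that completes any pending invitation, beside one that also requires the invitation to be inside its lifetime. The struct, the method names and the 14-day lifetime are assumptions made for illustration.

```ruby
# Simplified model of an invited account. All names here are hypothetical
# and constructed for this example; they are not the project's identifiers.
INVITE_FOR = 14 * 24 * 60 * 60 # assumed invitation lifetime: 14 days, in seconds

InvitedUser = Struct.new(:email, :invitation_sent_at, :invitation_accepted_at,
                         keyword_init: true) do
  # True while an invitation exists that has not been accepted yet.
  def invited?
    !invitation_sent_at.nil? && invitation_accepted_at.nil?
  end

  # True only while the pending invitation is still inside its lifetime.
  def invitation_valid?(now)
    invited? && (now - invitation_sent_at) <= INVITE_FOR
  end
end

# Flawed pattern: the reset completes the invitation for any user who was
# ever invited, no matter how old the invitation is.
def reset_password_flawed(user, now)
  user.invitation_accepted_at = now if user.invited?
  :password_changed
end

# Hardened pattern: the reset completes the invitation only while it is
# valid; an expired pending invitation blocks the reset, so a new
# invitation has to be issued.
def reset_password_hardened(user, now)
  if user.invited?
    return :invitation_expired unless user.invitation_valid?(now)
    user.invitation_accepted_at = now
  end
  :password_changed
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: an invitation sent over a year before the reset.
  now = Time.utc(2024, 1, 31)
  a = InvitedUser.new(email: "old@example.org", invitation_sent_at: Time.utc(2023, 1, 1))
  b = InvitedUser.new(email: "old@example.org", invitation_sent_at: Time.utc(2023, 1, 1))
  puts "flawed:   #{reset_password_flawed(a, now)}"
  puts "hardened: #{reset_password_hardened(b, now)}"
end
```

A regression test for this class of bug should drive the password-reset path with an invitation older than the configured lifetime and assert that the account stays unaccepted.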