devise_masquerade is vulnerable to man-in-the-middle attacks. An attacker can impersonate any user by manipulating masquerade back
functionality of the device extension.
CPE | Name | Operator | Version |
---|---|---|---|
devise_masquerade | le | 1.2.0 | |
devise_masquerade | le | 1.2.0 |