Skip to main content

Devise

3 CVEs product

Monthly

CVE-2019-16109 Ruby MEDIUM PATCH This Month

An issue was discovered in Plataformatec Devise before 4.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Devise
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-5421 Ruby CRITICAL POC PATCH Act Now

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Devise
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2013-0233 Ruby MEDIUM POC PATCH THREAT This Month

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.8%.

Authentication Bypass Devise Opensuse
NVD GitHub
CVSS 2.0
6.8
EPSS
68.8%
Threat
4.9
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Plataformatec Devise before 4.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Devise
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Devise
NVD GitHub
EPSS 69% 4.9 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.8%.

Authentication Bypass Devise Opensuse
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy