Devise Masquerade
1 CVEs
product
Monthly
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Devise Masquerade
NVD
GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-28680
Ruby
EPSS 1%
CVSS 8.1
HIGH
POC
PATCH
This Week
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Devise Masquerade
NVD
GitHub