Devise gem 2.2.x prior to 2.2.3, 2.1.x prior to 2.1.3, 2.0.x prior to 2.0.5, and 1.5.x prior to 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote malicious users to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plataformatec devise 2.0.0 |
||
plataformatec devise 1.5.3 |
||
plataformatec devise 1.5.2 |
||
plataformatec devise 1.5.1 |
||
plataformatec devise 2.2.0 |
||
plataformatec devise 2.1.2 |
||
plataformatec devise 2.1.1 |
||
plataformatec devise 2.1.0 |
||
plataformatec devise 2.2.1 |
||
plataformatec devise 2.0.4 |
||
plataformatec devise 2.0.2 |
||
plataformatec devise 2.2.2 |
||
plataformatec devise 2.0.3 |
||
plataformatec devise 2.0.1 |
||
plataformatec devise 1.5.0 |
||
opensuse opensuse 12.2 |