CVE-2015-8314

Опубликовано: 12 дек. 2023

Источник: debian

Описание

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ruby-devise	fixed	3.5.6-2		package

Примечания

https://rubysec.com/advisories/CVE-2015-8314/
https://github.com/advisories/GHSA-746g-3gfp-hfhw
Fixed by: https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24 (v3.5.4)

Связанные уязвимости

CVE-2015-8314

CVSS3: 7.5

nvd

около 2 лет назад

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

GHSA-746g-3gfp-hfhw

CVSS3: 7.5

github

около 3 лет назад

Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie