CVE-2015-8314

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

Ссылки

https://github.com/advisories/GHSA-746g-3gfp-hfhw
Patch
Third Party Advisory
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
Patch
https://rubysec.com/advisories/CVE-2015-8314/
Third Party Advisory
https://github.com/advisories/GHSA-746g-3gfp-hfhw
Patch
Third Party Advisory
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
Patch
https://rubysec.com/advisories/CVE-2015-8314/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:heartcombo:devise:*:*:*:*:*:ruby:*:*

Версия до 3.5.4 (исключая)

EPSS

Процентиль: 34%

0.00139

Низкий

7.5 High

CVSS3

Дефекты

CWE-312

Связанные уязвимости

CVE-2015-8314

CVSS3: 7.5

debian

около 2 лет назад

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies fo ...

GHSA-746g-3gfp-hfhw

CVSS3: 7.5

github

около 3 лет назад

Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie

EPSS

Процентиль: 34%

0.00139

Низкий

7.5 High

CVSS3

Дефекты

CWE-312