Количество 3
Количество 3
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.)
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.)
GHSA-fcjw-8rhj-gwwc
Authentication Bypass in Devise
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-16109 An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) | CVSS3: 5.3 | 0% Низкий | больше 6 лет назад |
 | CVE-2019-16109 An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.) | CVSS3: 5.3 | 0% Низкий | больше 6 лет назад |
| GHSA-fcjw-8rhj-gwwc Authentication Bypass in Devise | CVSS3: 5.3 | 0% Низкий | больше 6 лет назад |
Уязвимостей на страницу