Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4aHctbWc4bS0ycGo4

Moderate EPSS: 0.68821% (0.98548 Percentile) EPSS:
Permalink JSON

Devise does not properly perform type conversion when performing database queries

Affected Packages Affected Versions Fixed Versions
rubygems:devise
PURL: pkg:gem/devise
>= 1.5.0, < 1.5.4, >= 2.0.0, < 2.0.5, >= 2.1.0, < 2.1.3, >= 2.2.0, < 2.2.3 1.5.4, 2.0.5, 2.1.3, 2.2.3
866 Dependent packages
228,359 Dependent repositories
254,344,265 Downloads total

Affected Version Ranges

All affected versions

1.5.0, 1.5.1, 1.5.2, 1.5.3, 2.0.0, 2.0.1, 2.0.2, 2.0.4, 2.1.0, 2.1.2, 2.2.0, 2.2.1, 2.2.2

All unaffected versions

0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.9.1, 0.9.2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4.1, 1.4.2, 1.4.3, 1.4.5, 1.4.7, 1.4.8, 1.4.9, 1.5.4, 2.0.5, 2.0.6, 2.1.3, 2.1.4, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.3.0, 3.4.0, 3.4.1, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.3.0, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

References:

Identifiers

GHSA-jxhw-mg8m-2pj8

CVE-2013-0233

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.68821

EPSS Percentile: 0.98548

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Snorby/snorby

Date and time

Published

about 8 years ago

Updated

about 2 years ago

API

JSON