Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2013-04-25 23:55
Updated : 2024-02-28 12:00
NVD link : CVE-2013-0233
Mitre link : CVE-2013-0233
CVE.ORG link : CVE-2013-0233
JSON object : View
Products Affected
ruby-lang
- ruby
opensuse
- opensuse
plataformatec
- devise
CWE
CWE-399
Resource Management Errors