CVE-2015-8314
7.5HIGHThe Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
Published: 12/12/2023Updated: 5/27/2025
Description
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
AI AnalysisPowered by AI
Affected Products
heartcombodevise
References
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory