CVE-2015-8314
7.5HIGHThe Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
Publicado: 12/12/2023Actualizado: 5/27/2025
Descripción
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
Análisis IAImpulsado por IA
Productos Afectados
heartcombodevise
Referencias
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory