CVE-2015-8314
7.5HIGHThe Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
게시됨: 12/12/2023업데이트됨: 5/27/2025
설명
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
AI 분석AI 기반
영향받는 제품
heartcombodevise
참조
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory