CVE-2015-8314
7.5HIGHThe Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
Publicado: 12/12/2023Atualizado: 5/27/2025
Descrição
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
Análise IADesenvolvido por IA
Produtos Afetados
heartcombodevise
Referências
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory
- https://github.com/advisories/GHSA-746g-3gfp-hfhwPatchThird Party Advisory
- https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24Patch
- https://rubysec.com/advisories/CVE-2015-8314/Third Party Advisory