How severe is CVE-2015-8314?

CVE-2015-8314 has a CVSS v3 score of 7.5 (HIGH).

CVE-2015-8314

Name: devise
Author: heartcombo

7.5HIGH

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

Опубликовано: 12/12/2023Обновлено: 5/27/2025

Описание

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

ИИ-АнализНа базе ИИ

Затронутые продукты

heartcombodevise

Ссылки

https://github.com/advisories/GHSA-746g-3gfp-hfhw
PatchThird Party Advisory
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
Patch
https://rubysec.com/advisories/CVE-2015-8314/
Third Party Advisory
https://github.com/advisories/GHSA-746g-3gfp-hfhw
PatchThird Party Advisory
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
Patch
https://rubysec.com/advisories/CVE-2015-8314/
Third Party Advisory