N/A

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

N/A

N/A

Devise gem for Ruby 安全绕过漏洞

Devise gem for Ruby中存在漏洞，该漏洞源于当使用某些数据库时，在进行数据库查询期间程序未正确执行类型转换。远程攻击者可通过未知向量利用该漏洞造成返回错误结果，通过重置任意账户的密码来绕过安全检查。以下版本中受到影响：Devise gem 2.2.3之前的2.2.x版本，2.1.3之前的2.1.x版本，2.0.5之前的2.0.x版本，1.5.4之前的1.5.x版本。

N/A

N/A