Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Devise gem for Ruby 安全绕过漏洞
Vulnerability Description
Devise gem for Ruby中存在漏洞,该漏洞源于当使用某些数据库时,在进行数据库查询期间程序未正确执行类型转换。远程攻击者可通过未知向量利用该漏洞造成返回错误结果,通过重置任意账户的密码来绕过安全检查。以下版本中受到影响:Devise gem 2.2.3之前的2.2.x版本,2.1.3之前的2.1.x版本,2.0.5之前的2.0.x版本,1.5.4之前的1.5.x版本。
CVSS Information
N/A
Vulnerability Type
N/A