{"url":"http://public2.vulnerablecode.io/api/packages/406286?format=json","purl":"pkg:gem/devise@1.0.1","type":"gem","namespace":"","name":"devise","version":"1.0.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.4","latest_non_vulnerable_version":"5.0.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204069?format=json","vulnerability_id":"VCID-n8h7-2tc4-dfes","summary":"Authentication Bypass in Devise","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16109","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.5361","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53483","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53612","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53625","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16109"},{"reference_url":"https://github.com/plataformatec/devise","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plataformatec/devise"},{"reference_url":"https://github.com/plataformatec/devise/compare/v4.7.0...v4.7.1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plataformatec/devise/compare/v4.7.0...v4.7.1"},{"reference_url":"https://github.com/plataformatec/devise/issues/5071","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plataformatec/devise/issues/5071"},{"reference_url":"https://github.com/plataformatec/devise/pull/5132","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plataformatec/devise/pull/5132"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16109","reference_id":"CVE-2019-16109","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16109"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2019-16109.yml","reference_id":"CVE-2019-16109.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2019-16109.yml"},{"reference_url":"https://github.com/advisories/GHSA-fcjw-8rhj-gwwc","reference_id":"GHSA-fcjw-8rhj-gwwc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcjw-8rhj-gwwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15600?format=json","purl":"pkg:gem/devise@4.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pmvk-19cw-6fb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@4.7.1"}],"aliases":["CVE-2019-16109","GHSA-fcjw-8rhj-gwwc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8h7-2tc4-dfes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83998?format=json","vulnerability_id":"VCID-p8ur-g946-m3cp","summary":"Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureApp#redirect_url method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an auto-submitting cross-origin form can cause a victim with an expired Devise session to be redirected to an arbitrary external URL. This contrasts with the GET timeout path (which uses server-side attempted_path) and Devise's own store_location_for mechanism (which strips external hosts via extract_path_from_location), both of which are protected; only the non-GET timeout redirect path is unprotected. Expired-session users can be silently redirected from the trusted app domain to attacker-controlled URLs, enabling phishing and malware delivery while bypassing browser warnings. Note: Rails' built-in open-redirect protection does not mitigate this issue. Devise::FailureApp is an ActionController::Metal app with its own isolated copy of the relevant redirect configuration, so config.action_controller.action_on_open_redirect = :raise (and the older raise_on_open_redirects setting) do not reach it. This issue has been fixed in version 5.0.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40295","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20798","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20995","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20975","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40295"},{"reference_url":"https://github.com/heartcombo/devise","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/heartcombo/devise"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2026-40295.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2026-40295.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40295","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40295"},{"reference_url":"https://github.com/heartcombo/devise/commit/025fe2124f9928766fc46520e999633b598d0360","reference_id":"025fe2124f9928766fc46520e999633b598d0360","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:09:47Z/"}],"url":"https://github.com/heartcombo/devise/commit/025fe2124f9928766fc46520e999633b598d0360"},{"reference_url":"https://github.com/advisories/GHSA-jp94-3292-c3xv","reference_id":"GHSA-jp94-3292-c3xv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jp94-3292-c3xv"},{"reference_url":"https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv","reference_id":"GHSA-jp94-3292-c3xv","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:09:47Z/"}],"url":"https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375978?format=json","purl":"pkg:gem/devise@5.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@5.0.4"}],"aliases":["CVE-2026-40295","GHSA-jp94-3292-c3xv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8ur-g946-m3cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203371?format=json","vulnerability_id":"VCID-pfnf-z36c-ekch","summary":"devise Time-of-check Time-of-use Race Condition vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5421","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.46013","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45868","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.46007","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.46021","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5421"},{"reference_url":"https://github.com/plataformatec/devise","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plataformatec/devise"},{"reference_url":"https://github.com/plataformatec/devise/issues/4981","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plataformatec/devise/issues/4981"},{"reference_url":"https://github.com/plataformatec/devise/pull/4996","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/plataformatec/devise/pull/4996"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926348","reference_id":"926348","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926348"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5421","reference_id":"CVE-2019-5421","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5421"},{"reference_url":"https://github.com/advisories/GHSA-73rf-6mrf-759q","reference_id":"GHSA-73rf-6mrf-759q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73rf-6mrf-759q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15087?format=json","purl":"pkg:gem/devise@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pmvk-19cw-6fb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@4.6.0"}],"aliases":["CVE-2019-5421","GHSA-73rf-6mrf-759q"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfnf-z36c-ekch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28168?format=json","vulnerability_id":"VCID-pmvk-19cw-6fb6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32700.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32700.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32700","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05413","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0543","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05436","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32700"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/heartcombo/devise","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/heartcombo/devise"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2026-32700.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2026-32700.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32700","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32700"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448858","reference_id":"2448858","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448858"},{"reference_url":"https://github.com/heartcombo/devise/issues/5783","reference_id":"5783","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:35:55Z/"}],"url":"https://github.com/heartcombo/devise/issues/5783"},{"reference_url":"https://github.com/heartcombo/devise/pull/5784","reference_id":"5784","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:35:55Z/"}],"url":"https://github.com/heartcombo/devise/pull/5784"},{"reference_url":"https://github.com/advisories/GHSA-57hq-95w6-v4fc","reference_id":"GHSA-57hq-95w6-v4fc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57hq-95w6-v4fc"},{"reference_url":"https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc","reference_id":"GHSA-57hq-95w6-v4fc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:35:55Z/"}],"url":"https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/GHSA-57hq-95w6-v4fc.yml","reference_id":"GHSA-57hq-95w6-v4fc.yml","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T17:35:55Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/GHSA-57hq-95w6-v4fc.yml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374806?format=json","purl":"pkg:gem/devise@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p8ur-g946-m3cp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@5.0.3"}],"aliases":["CVE-2026-32700","GHSA-57hq-95w6-v4fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmvk-19cw-6fb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158773?format=json","vulnerability_id":"VCID-rx2q-3n2g-pfdk","summary":"The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.","references":[{"reference_url":"http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise"},{"reference_url":"http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8314","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38572","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38745","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38757","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38767","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8314"},{"reference_url":"https://gist.github.com/josevalim/924ce7cc4c0e5039fd79","reference_id":"","reference_type":"","scores":[],"url":"https://gist.github.com/josevalim/924ce7cc4c0e5039fd79"},{"reference_url":"https://github.com/heartcombo/devise","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/heartcombo/devise"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2015-8314.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2015-8314.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8314","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8314"},{"reference_url":"https://rubysec.com/advisories/CVE-2015-8314","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubysec.com/advisories/CVE-2015-8314"},{"reference_url":"https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24","reference_id":"c92996646aba2d25b2c3e235fe0c4f1a84b70d24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-15T21:15:20Z/"}],"url":"https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24"},{"reference_url":"https://rubysec.com/advisories/CVE-2015-8314/","reference_id":"CVE-2015-8314","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-15T21:15:20Z/"}],"url":"https://rubysec.com/advisories/CVE-2015-8314/"},{"reference_url":"https://github.com/advisories/GHSA-746g-3gfp-hfhw","reference_id":"GHSA-746g-3gfp-hfhw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-15T21:15:20Z/"}],"url":"https://github.com/advisories/GHSA-746g-3gfp-hfhw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380087?format=json","purl":"pkg:gem/devise@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pfnf-z36c-ekch"},{"vulnerability":"VCID-pmvk-19cw-6fb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@3.5.4"}],"aliases":["CVE-2015-8314","GHSA-746g-3gfp-hfhw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rx2q-3n2g-pfdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200150?format=json","vulnerability_id":"VCID-upyy-cq4f-dfar","summary":"Devise does not properly perform type conversion when performing database queries","references":[{"reference_url":"http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released"},{"reference_url":"http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0233","reference_id":"","reference_type":"","scores":[{"value":"0.68821","scoring_system":"epss","scoring_elements":"0.98653","published_at":"2026-06-14T12:55:00Z"},{"value":"0.68821","scoring_system":"epss","scoring_elements":"0.98647","published_at":"2026-06-11T12:55:00Z"},{"value":"0.68821","scoring_system":"epss","scoring_elements":"0.98651","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0233"},{"reference_url":"https://github.com/Snorby/snorby/issues/261","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Snorby/snorby/issues/261"},{"reference_url":"https://web.archive.org/web/20140726005251/http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140726005251/http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html"},{"reference_url":"https://web.archive.org/web/20200229103406/http://www.securityfocus.com/bid/57577","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229103406/http://www.securityfocus.com/bid/57577"},{"reference_url":"http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/01/29/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/01/29/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0233","reference_id":"CVE-2013-0233","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0233"},{"reference_url":"https://github.com/advisories/GHSA-jxhw-mg8m-2pj8","reference_id":"GHSA-jxhw-mg8m-2pj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jxhw-mg8m-2pj8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12857?format=json","purl":"pkg:gem/devise@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pfnf-z36c-ekch"},{"vulnerability":"VCID-pmvk-19cw-6fb6"},{"vulnerability":"VCID-rx2q-3n2g-pfdk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/12796?format=json","purl":"pkg:gem/devise@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7x1-t3jf-uyeb"},{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pfnf-z36c-ekch"},{"vulnerability":"VCID-pmvk-19cw-6fb6"},{"vulnerability":"VCID-rx2q-3n2g-pfdk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/399590?format=json","purl":"pkg:gem/devise@2.1.0.rc","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7x1-t3jf-uyeb"},{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pfnf-z36c-ekch"},{"vulnerability":"VCID-pmvk-19cw-6fb6"},{"vulnerability":"VCID-rx2q-3n2g-pfdk"},{"vulnerability":"VCID-upyy-cq4f-dfar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.1.0.rc"},{"url":"http://public2.vulnerablecode.io/api/packages/12859?format=json","purl":"pkg:gem/devise@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7x1-t3jf-uyeb"},{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pfnf-z36c-ekch"},{"vulnerability":"VCID-pmvk-19cw-6fb6"},{"vulnerability":"VCID-rx2q-3n2g-pfdk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/399592?format=json","purl":"pkg:gem/devise@2.2.0.rc","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7x1-t3jf-uyeb"},{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pfnf-z36c-ekch"},{"vulnerability":"VCID-pmvk-19cw-6fb6"},{"vulnerability":"VCID-rx2q-3n2g-pfdk"},{"vulnerability":"VCID-upyy-cq4f-dfar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.2.0.rc"},{"url":"http://public2.vulnerablecode.io/api/packages/12891?format=json","purl":"pkg:gem/devise@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7x1-t3jf-uyeb"},{"vulnerability":"VCID-n8h7-2tc4-dfes"},{"vulnerability":"VCID-p8ur-g946-m3cp"},{"vulnerability":"VCID-pfnf-z36c-ekch"},{"vulnerability":"VCID-pmvk-19cw-6fb6"},{"vulnerability":"VCID-rx2q-3n2g-pfdk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.2.3"}],"aliases":["CVE-2013-0233","GHSA-jxhw-mg8m-2pj8","OSV-89642"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upyy-cq4f-dfar"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/devise@1.0.1"}