Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/devise@2.0.5

Type gem

Namespace

Name devise

Version 2.0.5

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.5.4

Latest_non_vulnerable_version 4.6.0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-pxuq-hc2x-cbh4

vulnerability_id VCID-pxuq-hc2x-cbh4

summary

Devise Database Type Conversion Crafted Request Parsing Security Bypass
Using a specially crafted request, an attacker could trick the database type conversion code to return incorrect records. For some token values this could allow an attacker to bypass the proper checks and gain control of other accounts.

references

reference_url	http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
reference_id
reference_type
scores
url	http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/

fixed_packages

url	pkg:gem/devise@1.5.4
purl	pkg:gem/devise@1.5.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/devise@1.5.4

url	pkg:gem/devise@2.0.5
purl	pkg:gem/devise@2.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.0.5

url	pkg:gem/devise@2.1.3
purl	pkg:gem/devise@2.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.1.3

url	pkg:gem/devise@2.2.3
purl	pkg:gem/devise@2.2.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.2.3

aliases CVE-2013-0233

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxuq-hc2x-cbh4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.0.5

Package Instance