CVE-2019-16109
N/A
N/A
Summary
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/plataformatec/devise/pull/5132
- https://github.com/plataformatec/devise/issues/5071
- https://github.com/plataformatec/devise/compare/v4.7.0…v4.7.1
References
- https://github.com/plataformatec/devise/pull/5132
- https://github.com/plataformatec/devise/issues/5071
- https://github.com/plataformatec/devise/compare/v4.7.0…v4.7.1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.