Devise Database Type Conversion Crafted Request Parsing Security Bypass
Published: January 28, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-0233 (NVD)
- GHSA: GHSA-jxhw-mg8m-2pj8
- OSVDB: OSVDB-89642
GEM
SEVERITY
CVSS v2.0: 6.8 (Medium)
PATCHED VERSIONS
~> 1.5.4
~> 2.0.5
~> 2.1.3
>= 2.2.3
DESCRIPTION
Devise contains a flaw that is triggered when a type conversion error occurs during the parsing of a malformed request. With a specially crafted request, a remote attacker can bypass security restrictions.
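To check whether a project resolves to a fixed release, the PATCHED VERSIONS list above can be evaluated against the version pinned in `Gemfile.lock`. This is an added example, not code from the advisory or from Devise; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Patched ranges copied from this advisory's PATCHED VERSIONS list.
PATCHED = ["~> 1.5.4", "~> 2.0.5", "~> 2.1.3", ">= 2.2.3"]
          .map { |r| Gem::Requirement.new(r) }.freeze

# Constructed sample Gemfile.lock (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bcrypt-ruby (3.0.1)
      devise (2.2.2)
        bcrypt-ruby (~> 3.0)

  DEPENDENCIES
    devise (~> 2.2)
LOCK

# Return the resolved version of gem_name, or nil if it is not locked.
# Resolved specs sit at exactly four spaces of indent; six-space lines are
# a gem's own dependencies and two-space DEPENDENCIES lines are constraints,
# so neither is treated as an installed version.
def locked_version(lockfile_text, gem_name)
  pattern = /\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/
  lockfile_text.each_line do |line|
    m = line.match(pattern)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# True when the version falls inside any patched range from the advisory.
def patched?(version)
  PATCHED.any? { |req| req.satisfied_by?(version) }
end

# :not_present, :patched or :unpatched for the devise entry in a lockfile.
def devise_status(lockfile_text)
  version = locked_version(lockfile_text, "devise")
  return :not_present if version.nil?
  patched?(version) ? :patched : :unpatched
end

puts "devise: #{devise_status(SAMPLE_LOCK)}"
```

Because `~>` ranges are bounded above, a release such as 2.2.0 is not covered by `~> 2.1.3` and only counts as patched from 2.2.3 onward.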
