Vulnerability in Plataformatec Devise
CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote atta…
EPSS: 0.688 (98.6th percentile)
Affected products
- Plataformatec Devise — versions 1.5.0, 1.5.1, 1.5.2
- Ruby-lang Ruby
- Opensuse — versions 12.2
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (Exploit, x_refsource_MISC)
- [oss-security] 20130128 Re: CVE request for 'devise' ruby gem (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (Exploit, x_refsource_MISC)
- openSUSE-SU-2013:0374 (vendor-advisory, x_refsource_SUSE)
- 57577 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2013-0233?
- CVE-2013-0233 is a vulnerability in Plataformatec Devise, classified under CWE-399. Published 2013-04-25.
- Is CVE-2013-0233 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.