CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
heartcombodevise
𝑥
< 3.5.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-devise
bullseye
4.7.3-2
fixed
bookworm
4.8.1-1
fixed
sid
4.9.3-1
fixed
trixie
4.9.3-1
fixed
Common Weakness Enumeration
References
https://github.com/advisories/GHSA-746g-3gfp-hfhw
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
https://rubysec.com/advisories/CVE-2015-8314/
https://github.com/advisories/GHSA-746g-3gfp-hfhw
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
https://rubysec.com/advisories/CVE-2015-8314/