MEDIUM✓ PATCH🇬🇧 English

CVE-2013-0233

CVSS 6.8v2.0pub. 2013-04-25upd. 2026-04-29

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Opensuse

    OS
    Opensuse
    12.2
  • Plataformatec Devise

    APP
    Plataformatec
    1.5.01.5.11.5.21.5.32.0.02.0.12.0.22.0.32.0.42.1.02.1.12.1.22.2.02.2.12.2.2
  • Ruby Lang Ruby

    APP
    Ruby-Lang
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...

CVE-2016-4117CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified ve...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2015-2590CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows re...

CVE-2015-5119CRITICAL9.8⚠ KEVten sam produkt

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash ...