Sha256: c0325b07d8b0077586f71f1d05d444afc33a5476d7399e00e3ba40446129c215

Contents?: true

Size: 603 Bytes

Versions: 6

Compression:

Stored size: 603 Bytes

Contents

---
gem: devise
osvdb: 114435
url: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
title: CSRF token fixation attacks in Devise
date: 2013-08-02

description: |
  Devise contains a flaw that allows a remote, user-assisted attacker to
  conduct a CSRF token fixation attack. The issue arises because previous
  CSRF tokens are not invalidated when a new token is created. If an
  attacker knows such a token, they can craft a request that carries it,
  allowing the attacker to conduct CSRF attacks against the victim's session.

patched_versions:
  - "~> 2.2.5"
  - ">= 3.0.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version               Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/devise/OSVDB-114435.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/devise/OSVDB-114435.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/devise/OSVDB-114435.yml
bundler-audit-0.6.1    data/ruby-advisory-db/gems/devise/OSVDB-114435.yml
bundler-audit-0.6.0    data/ruby-advisory-db/gems/devise/OSVDB-114435.yml
bundler-audit-0.5.0    data/ruby-advisory-db/gems/devise/OSVDB-114435.yml