Sha256: cc0ff919bd997783d6f4fe8bb7cd7a565b35c28c2774ea8447c0c10308d98ab4

Contents?: true

Size: 591 Bytes

Versions: 6

Compression:

Stored size: 591 Bytes

Contents

---
gem: devise
cve: 2015-8314
url: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/
title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
date: 2016-01-18
description: |
  Devise version before 3.5.4 uses cookies to implement a "Remember me"
  functionality. However, it generates the same cookie for all devices. If an
  attacker manages to steal a remember me cookie and the user does not change
  the password frequently, the cookie can be used to gain access to the
  application indefinitely.
patched_versions:
  - ">= 3.5.4"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/devise/CVE-2015-8314.yml