CVE-2013-0233

Name of the Vulnerable Software and Affected Versions Devise gem versions 1.5.x before 1.5.4 Devise gem versions 2.0.x before 2.0.5 Devise gem versions 2.1.x before 2.1.3 Devise gem versions 2.2.x before 2.2.3

Description The issue is related to improper type conversion when performing database queries. This might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors. For example, it could be used to reset passwords of arbitrary accounts.

Recommendations For Devise gem version 1.5.x, update to version 1.5.4 or later. For Devise gem version 2.0.x, update to version 2.0.5 or later. For Devise gem version 2.1.x, update to version 2.1.3 or later. For Devise gem version 2.2.x, update to version 2.2.3 or later.