CVE-2013-0233
Description
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
68.821
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2013-0233 is fixed in Ruby-devise 2.2.3 | Windows |
| CVE-2013-0233 is fixed in Ruby-devise 2.1.3 | Windows |
| CVE-2013-0233 is fixed in Ruby-devise 2.0.5 | Windows |
| CVE-2013-0233 is fixed in Ruby-devise 1.5.4 | Windows |
| CVE-2013-0233 is fixed in Ruby-devise for Linux 2.2.3 | Linux |
| CVE-2013-0233 is fixed in Ruby-devise for Linux 2.1.3 | Linux |
| CVE-2013-0233 is fixed in Ruby-devise for Linux 2.0.5 | Linux |
| CVE-2013-0233 is fixed in Ruby-devise for Linux 1.5.4 | Linux |
Patch Details
No records found