CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Plataformatec: >> Devise >> 4.6.1 Security Vulnerabilities

CVE-2019-16109

An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.)

CVSS Score

5.3

EPSS Score

0.003

Published

2019-09-08

Page 1

Vulnerabilities

Vulnerable Software

Plataformatec: >> Devise >> 4.6.1 Security Vulnerabilities

Products

Pricing

Contact Us