devise Moderate
Input Validation
Discovered 12 months ago
Published about 2 years ago
Category: Input Validation
Source: GitHub
Severity: Moderate

Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records would exist.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 4.7.1

Unaffected Versions