CVE-2013-0233: Devise Database Type Conversion Crafted Request Parsing Security Bypass

April 25, 2013 (updated October 30, 2018)

Using a specially crafted request, an attacker could trick the database type conversion code to return incorrect records. For some token values this could allow an attacker to bypass the proper checks and gain control of other accounts.

References

blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/

Code Behaviors & Features

Detect and mitigate CVE-2013-0233 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →