admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2013/0xxx/CVE-2013-0233.json
CVE Team f8f8991f45
"-Synchronized-Data."
2019-03-18 00:27:54 +00:00

92 lines
3.5 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset",
"refsource": "MISC",
"url": "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset"
},
{
"name": "[oss-security] 20130128 Re: CVE request for 'devise' ruby gem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/3"
},
{
"name": "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html",
"refsource": "MISC",
"url": "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html"
},
{
"name": "openSUSE-SU-2013:0374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html"
},
{
"name": "57577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57577"
},
{
"name": "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/",
"refsource": "CONFIRM",
"url": "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/"
},
{
"name": "https://github.com/Snorby/snorby/issues/261",
"refsource": "MISC",
"url": "https://github.com/Snorby/snorby/issues/261"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink