VYPR
Moderate severityNVD Advisory· Published Apr 25, 2013· Updated Jun 16, 2026

CVE-2013-0233

CVE-2013-0233

Description

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
deviseRubyGems
>= 2.2.0, < 2.2.32.2.3
deviseRubyGems
>= 2.1.0, < 2.1.32.1.3
deviseRubyGems
>= 2.0.0, < 2.0.52.0.5
deviseRubyGems
>= 1.5.0, < 1.5.41.5.4

Affected products

17
  • Heartcombo/Devise15 versions
    cpe:2.3:a:plataformatec:devise:1.5.0:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:plataformatec:devise:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plataformatec:devise:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.2.0, < 2.2.3

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.