VYPR

RubyGems package

decidim-system

pkg:gem/decidim-system

Vulnerabilities (1)

  • CVE-2023-48220Feb 20, 2024
    affected >= 0.0.1.alpha3, < 0.26.9fixed 0.26.9

    Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue cre