VYPR

RubyGems package

devise_invitable

pkg:gem/devise_invitable

Vulnerabilities (1)

  • CVE-2023-48220, Feb 20, 2024
    affected >= 0.4.rc3, < 2.0.9; fixed 2.0.9

    Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue cre