VYPR

RubyGems package

devise_masquerade

pkg:gem/devise_masquerade

Vulnerabilities (1)

  • CVE-2021-28680Dec 7, 2021
    affected < 1.3.1fixed 1.3.1

    The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension)