Devise Gem Remember Me Cookie Vulnerability
CVE-2015-8314 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
Learn more about our Web Application Penetration Testing UK.