Devise Gem Remember Me Cookie Vulnerability

Devise Gem Remember Me Cookie Vulnerability

CVE-2015-8314 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

Learn more about our Web Application Penetration Testing UK.