Investigate if CVE-2024-0227 is relevant #1630

Open
ros-cr opened this issue Jan 18, 2024 · 0 comments

ros-cr commented Jan 18, 2024

I'm a pentester from Radically Open Security.
We recently reported a 2FA bypass vulnerability in the devise-two-factor library, see the GHSA-chcr-x7hc-8fp8 advisory and my writeup.

Since Violet Rails uses the devise-two-factor library for 2FA authentication, we recommend looking into this as a potential security problem you could be affected by. Please note that we have not further analyzed your project code.

Relevant gem definition:

gem 'devise-two-factor', "4.0.2"
