CVE-2015-8314 Information

Description

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions which may allow an adversary to obtain unauthorized persistent application access.

Reference

https://rubysec.com/advisories/CVE-2015-8314/ https://github.com/advisories/GHSA-746g-3gfp-hfhw https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24