Tinfoilsecurity Devise-two-factor — known CVE vulnerabilities
Every CVE whose affected-product data names Tinfoilsecurity Devise-two-factor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2015-7225 — CVSS 5.3 (medium): Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated…
CVE-2021-43177 — CVSS 5.3 (medium): As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a…
CVE-2024-8796 — CVSS 5.3 (medium): Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of…