| Release | Version |
|---|---|
| bullseye | 3.1.0-2 |
| bookworm | 4.0.2-1 |
| Bug | bullseye | bookworm | Description |
|---|---|---|---|
| CVE-2024-8796 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ... |
| CVE-2021-43177 | vulnerable (no DSA) | fixed | As a result of an incomplete fix for CVE-2015-7225, in versions of dev ... |
| Bug | Description |
|---|---|
| CVE-2015-7225 | Tinfoil Devise-two-factor before 2.0.0 does not strictly follow sectio ... |