EPSS Percentile: 66.0%
devise_masquerade is vulnerable to man-in-the-middle attacks. An attacker can impersonate any user by manipulating the masquerade back functionality of the Devise extension.
github.com/oivoodoo/devise_masquerade/commit/19b7e8cb7111bb1302d78a41215bc7fffa0f8e23
github.com/oivoodoo/devise_masquerade/issues/83
github.com/oivoodoo/devise_masquerade/pull/76
labanskoller.se/blog/2021/03/23/the-devise-extension-that-peeled-off-one-layer-of-the-security-onion-cve-2021-28680/