Add CVE-2019-16109 for Devise (#413)

Author: tegon

gems/devise/CVE-2019-16109.yml

@@ -0,0 +1,13 @@
+---
+gem: devise
+cve: 2019-16109
+url: https://github.com/plataformatec/devise/issues/5071
+title: Devise Gem for Ruby confirmation token validation with a blank string
+date: 2019-09-08
+description: |
+  Devise before 4.7.1 confirms accounts upon receiving a request with a blank
+  confirmation_token, if a database record has a blank value in the confirmation_token column.
+  However, there is no scenario within Devise itself in which such database records would exist.
+
+patched_versions:
+  - ">= 4.7.1"