Sha256: 737998d73244ff4565f184946bb216b4126b11a12044d7cb4d4dedae23dadca0

Contents?: true

Size: 516 Bytes

Versions: 1

Compression:

Stored size: 516 Bytes

Contents

---
gem: devise
cve: 2019-5421
url: https://github.com/plataformatec/devise/issues/4981
title: Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
date: 2019-02-07
description: |
  Devise ruby gem before 4.6.0 when the `lockable` module is used is vulnerable to a
  time-of-check time-of-use (TOCTOU) race condition due to `increment_failed_attempts`
  within the `Devise::Models::Lockable` class not being concurrency safe.

patched_versions:
  - ">= 4.6.0"

cvss_v2: 7.5
cvss_v3: 9.8

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/devise/CVE-2019-5421.yml