CVE-2019-5421

Published about 1 month ago
Category: Authentication
Source: GitHub
Severity: Moderate

Vulnerability in devise

The Devise Ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check to time-of-use (TOCTOU) race condition because increment_failed_attempts in the Devise::Models::Lockable class is not concurrency safe.
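The following added example (not Devise source code and not part of the original advisory) shows why a read-then-write counter undercounts failed attempts under concurrency, next to an atomic increment that does not. The Store class, its methods and the two helper functions are hypothetical names constructed for this illustration.

```ruby
# Added illustration; not Devise source. Store is a constructed in-memory
# stand-in for the database row that holds a user's failed_attempts counter.
class Store
  def initialize
    @failed_attempts = 0
    @lock = Mutex.new
  end

  def read
    @lock.synchronize { @failed_attempts }
  end

  def write(value)
    @lock.synchronize { @failed_attempts = value }
  end

  # Models a single atomic statement such as
  # UPDATE users SET failed_attempts = failed_attempts + 1 WHERE id = ?
  def atomic_increment
    @lock.synchronize { @failed_attempts += 1 }
  end
end

# Non-atomic pattern: each handler reads the counter, then writes read + 1.
# The two queues force every handler to read before any of them writes,
# which is the interleaving a TOCTOU race permits.
def racy_failed_logins(store, handlers)
  ready = Queue.new
  go = Queue.new
  threads = Array.new(handlers) do
    Thread.new do
      seen = store.read        # time of check
      ready << true
      go.pop                   # block until all handlers have read
      store.write(seen + 1)    # time of use: based on a stale value
    end
  end
  handlers.times { ready.pop }
  handlers.times { go << true }
  threads.each(&:join)
  store.read
end

# Concurrency-safe pattern: the increment happens inside the store.
def atomic_failed_logins(store, handlers)
  Array.new(handlers) { Thread.new { store.atomic_increment } }.each(&:join)
  store.read
end
```

With 10 concurrent handlers, racy_failed_logins returns 1 while atomic_failed_logins returns 10, so only the atomic form keeps a lockout counter accurate.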

CVSS Metrics

Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

>= 4.6.0

Unaffected Versions

n/a

References

n/a