CVE-2019-5421

Published 8 months ago
Category: Authentication
Source: GitHub
Severity: Critical

Vulnerability in devise

The Devise Ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check time-of-use (TOCTOU) race condition because increment_failed_attempts in the Devise::Models::Lockable class is not concurrency safe.
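
The lost-update pattern behind this race, as an added illustration that is not Devise's code: Row, Barrier, run_attempts, locked? and the threshold of 5 are constructed for the example, and a mutex-guarded increment stands in for an atomic database update. The barrier makes every simulated request read the counter before any of them writes it back, so the race occurs on every run.

```ruby
MAX_ATTEMPTS = 5 # constructed lockout threshold for this example

# Constructed stand-in for the database row that stores failed_attempts.
class Row
  attr_accessor :failed_attempts
  def initialize
    @failed_attempts = 0
    @lock = Mutex.new
  end

  # Models one atomic "SET failed_attempts = failed_attempts + 1".
  def atomic_increment
    @lock.synchronize { @failed_attempts += 1 }
  end
end

# Holds each thread until `size` threads have arrived (forces the interleaving).
class Barrier
  def initialize(size)
    @size, @arrived = size, 0
    @mutex, @cond = Mutex.new, ConditionVariable.new
  end

  def wait
    @mutex.synchronize do
      @arrived += 1
      @cond.broadcast if @arrived >= @size
      @cond.wait(@mutex) while @arrived < @size
    end
  end
end

# Simulates `requests` concurrent failed logins; returns the stored counter.
def run_attempts(requests, atomic:)
  row = Row.new
  barrier = Barrier.new(requests)
  Array.new(requests) do
    Thread.new do
      seen = row.failed_attempts # time of check: every request reads 0
      barrier.wait               # all requests have read by this point
      # time of use: the non-atomic path writes back a stale value
      atomic ? row.atomic_increment : (row.failed_attempts = seen + 1)
    end
  end.each(&:join)
  row.failed_attempts
end

def locked?(count)
  count >= MAX_ATTEMPTS
end
```

With ten concurrent failures the read-then-write path stores 1 and the account stays unlocked, while the atomic path stores 10 and crosses the threshold.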

CVSS Metrics

Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

>= 4.6.0

Unaffected Versions

n/a

References

n/a