CVE-2026-54905 concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

CVE-2026-54905 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, kube-fluentd-operator...

CVE-2026-54905

creationtimestamp| type| source ---|---|--- 2026-06-16 21:35:27+00:00| published-proof-of-concept| https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-wv3x-4vxv-whpp...