4 matches found
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
DEBIAN-CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
Design/Logic Flaw
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The Devise::Models::Lockable class, more specifically at the incrementfailedattempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Devise ruby gem before 4.6.0 when the lockable module is used is vulnerable to a time-of-check time-of-use TOCTOU race condition due to incrementfailedattempts within the Devise::Models::Lockable class not being concurrency safe...