Update Devise to 4.6.1

Description

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module

The Devise Ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check time-of-use (TOCTOU) race condition because increment_failed_attempts within the Devise::Models::Lockable class is not concurrency safe.

Patched versions: >= 4.6.0
Unaffected versions: none
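
The lost update behind this class of bug, as an added example that is not Devise's code or part of the original ticket: a simplified in-memory model in which a counter incremented by read-then-write undercounts under concurrency, next to a single atomic increment. The Row class, both function names and the request count are constructed for illustration.

```ruby
# Simplified model of a failed-login counter; all names are constructed.
# Row stands in for one database row holding failed_attempts.
class Row
  def initialize
    @failed_attempts = 0
    @lock = Mutex.new
  end

  def read
    @lock.synchronize { @failed_attempts }
  end

  def write(value)
    @lock.synchronize { @failed_attempts = value }
  end

  # Models a single UPDATE ... SET failed_attempts = failed_attempts + 1
  def atomic_increment
    @lock.synchronize { @failed_attempts += 1 }
  end
end

# Check-then-use: each request reads the counter, then writes read + 1.
# The two queues force the worst-case interleaving (every read before any write).
def read_modify_write_count(requests)
  row = Row.new
  arrived = Queue.new
  gate = Queue.new
  workers = Array.new(requests) do
    Thread.new do
      seen = row.read        # time of check
      arrived << true
      gate.pop               # wait until every request has read
      row.write(seen + 1)    # time of use: overwrites the other writes
    end
  end
  requests.times { arrived.pop }
  requests.times { gate << true }
  workers.each(&:join)
  row.read
end

# Same number of concurrent requests, each doing one atomic increment.
def atomic_count(requests)
  row = Row.new
  Array.new(requests) { Thread.new { row.atomic_increment } }.each(&:join)
  row.read
end

puts "read-modify-write: #{read_modify_write_count(10)}, atomic: #{atomic_count(10)}"
```

With ten concurrent failures the read-then-write counter records one, so a lockout threshold compared against it is reached late or not at all; the atomic increment records all ten.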

Environment

None

Status

Assignee

Unassigned

Reporter

Sarken

Roadmap

Login

Priority

Medium

Affects versions

0.9.240

Fix versions

Components

BackEnd

Difficulty

Medium

Required Access Level

None

Epic Link

Milestone

Internal 0.9