Update Devise to 4.6.1

Description

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module

The Devise Ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check time-of-use (TOCTOU) race condition because increment_failed_attempts within the Devise::Models::Lockable class is not concurrency safe.

Patched versions: >= 4.6.0
Unaffected versions: none
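
The race described above, as an added example that is not Devise's code or part of the original ticket: a constructed in-memory row stands in for the users table, and a read-then-write counter update is compared with an atomic increment. FakeUserRow, simulate and the queue-based barrier are hypothetical names used only for this illustration.

```ruby
# Constructed in-memory stand-in for one users table row; not Devise code.
class FakeUserRow
  attr_reader :failed_attempts

  def initialize
    @failed_attempts = 0
    @lock = Mutex.new
  end

  # Models one request loading the current counter value.
  def read
    @failed_attempts
  end

  # Models saving a counter value that was computed in application code.
  def write(value)
    @failed_attempts = value
  end

  # Models "SET failed_attempts = failed_attempts + 1" applied atomically.
  def atomic_increment
    @lock.synchronize { @failed_attempts += 1 }
  end
end

# Runs `requests` concurrent failed sign-ins and returns the stored counter.
def simulate(requests, atomic:)
  row = FakeUserRow.new
  seen = Queue.new # each thread reports here once it has read the counter
  go = Queue.new   # main thread releases the writers after every read is done
  threads = Array.new(requests) do
    Thread.new do
      next row.atomic_increment if atomic
      stale = row.read     # time of check
      seen << true
      go.pop               # every request now holds the same stale value
      row.write(stale + 1) # time of use: the last writer wins
    end
  end
  unless atomic
    requests.times { seen.pop }
    requests.times { go << true }
  end
  threads.each(&:join)
  row.failed_attempts
end

puts "read-then-write: #{simulate(5, atomic: false)} recorded of 5 failures"
puts "atomic increment: #{simulate(5, atomic: true)} recorded of 5 failures"
```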

Assignee

Unassigned

Reporter

Sarken

Roadmap

Login

Priority

Medium

Affects versions

Fix versions

Components

BackEnd
Gems

Difficulty

Medium

Milestone

Internal 0.9