GHSA-73rf-6mrf-759q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-73rf-6mrf-759q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-73rf-6mrf-759q/GHSA-73rf-6mrf-759q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-73rf-6mrf-759q
- Aliases
- Published
- 2019-03-19T18:03:25Z
- Modified
- 2024-11-30T05:31:04.698625Z
- Summary
- devise Time-of-check Time-of-use Race Condition vulnerability
- Details
-
Devise ruby gem before 4.6.0 when the
lockablemodule is used is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due toincrement_failed_attemptswithin theDevise::Models::Lockableclass not being concurrency safe. - Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-367" ], "github_reviewed_at": "2020-06-16T21:21:17Z", "nvd_published_at": null, "severity": "MODERATE" }- References
Affected packages
RubyGems / devise
Package
- Name
- devise
- Purl
- pkg:gem/devise
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.6.0
Affected versions
0.*
0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.2.3
0.3.0
0.4.0
0.4.1
0.4.2
0.4.3
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.8.0
0.8.1
0.8.2
0.9.0
0.9.1
0.9.2
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.1.pre
1.1.pre2
1.1.pre3
1.1.pre4
1.1.rc0
1.1.rc1
1.1.rc2
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.rc
1.2.rc2
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.1
1.4.2
1.4.3
1.4.5
1.4.7
1.4.8
1.4.9
1.5.0.rc1
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
2.*
2.0.0.rc
2.0.0.rc2
2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.0.6
2.1.0.rc
2.1.0.rc2
2.1.0
2.1.2
2.1.3
2.1.4
2.2.0.rc
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
3.*
3.0.0.rc
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0.rc2
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.3.0
3.4.0
3.4.1
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.5.10
4.*
4.0.0.rc1
4.0.0.rc2
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0