EPSS percentile: 71.8%
The Devise Ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check time-of-use (TOCTOU) race condition because increment_failed_attempts in the Devise::Models::Lockable class is not concurrency safe.
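The lost-update pattern behind this class of race, as an added Ruby example that is not Devise's code: a read-modify-write counter beside an atomic increment at the store. The `Store` class, the helper names and the `MAX_ATTEMPTS` threshold are constructed for illustration.

```ruby
require "thread"
# Added illustration: an in-memory stand-in for the users table (not Devise code).
class Store
  def initialize
    @rows = Hash.new(0)
    @lock = Mutex.new
  end

  def read(id)
    @lock.synchronize { @rows[id] }
  end
  def write(id, value)
    @lock.synchronize { @rows[id] = value }
  end
  # Models a single-statement "SET failed_attempts = failed_attempts + 1".
  def atomic_increment(id)
    @lock.synchronize { @rows[id] += 1 }
  end
end

MAX_ATTEMPTS = 3 # constructed lock threshold

# n concurrent failed logins using read-modify-write. The queues force the
# worst-case interleaving: every request reads before any request writes.
def racy_failed_logins(store, id, n)
  arrived = Queue.new
  go = Queue.new
  threads = Array.new(n) do
    Thread.new do
      seen = store.read(id)     # time of check
      arrived << true
      go.pop                    # wait until all requests have read
      store.write(id, seen + 1) # time of use: stale value written back
    end
  end
  n.times { arrived.pop }
  n.times { go << true }
  threads.each(&:join)
  store.read(id)
end

# Same n failed logins, each counted by one atomic increment at the store.
def atomic_failed_logins(store, id, n)
  Array.new(n) { Thread.new { store.atomic_increment(id) } }.each(&:join)
  store.read(id)
end

def locked?(count)
  count >= MAX_ATTEMPTS
end
```

With ten concurrent failures the read-modify-write version records one attempt, while the atomic version records all ten and crosses the constructed threshold.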
github.com/plataformatec/devise
github.com/plataformatec/devise/issues/4981
github.com/plataformatec/devise/pull/4996
nvd.nist.gov/vuln/detail/CVE-2019-5421