title: Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable
Devise ruby gem before 4.6.0 when the `lockable` module is used is vulnerable to a
time-of-check time-of-use (TOCTOU) race condition due to `increment_failed_attempts`
within the `Devise::Models::Lockable` class not being concurrency safe.
- ">= 4.6.0"