Vulnerability in Ruby-concurrency Concurrent-ruby
CVE-2026-54906
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an…
Affected products
- Ruby-concurrency Concurrent-ruby — versions < 1.3.7
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)