Improper Locking Affecting concurrent-ruby package, versions <1.3.7


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.16% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RUBY-CONCURRENTRUBY-17391433
  • published21 Jun 2026
  • disclosed19 Jun 2026
  • creditPranjali Thakur

Introduced: 19 Jun 2026

NewCVE-2026-54906  (opens in a new tab)
CWE-667  (opens in a new tab)

How to fix?

Upgrade concurrent-ruby to version 1.3.7 or higher.

Overview

Affected versions of this package are vulnerable to Improper Locking in the release_write_lock() and release_read_lock() functions. An attacker can disrupt synchronization guarantees and exploit data races or cause denial of service by invoking these functions from unauthorized threads or without holding the appropriate lock.

CVSS Base Scores

version 4.0
version 3.1