concurrent-ruby
RubyGems3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting concurrent-rubypage 1 of 1
- CVE-2026-54904HIGHCVSS 7.5EG 7.5✓ Fixed in 1.3.72026-06-19
vulnerable: 0.0.1 ... 1.3.6 (77 versions)
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicRef…
- CVE-2026-54905MEDIUMCVSS 5.5EG 5.5✓ Fixed in 1.3.72026-06-19
vulnerable: 0.0.1 ... 1.3.6 (77 versions)
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and w…
- CVE-2026-54906CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.3.72026-06-19
vulnerable: 0.0.1 ... 1.3.6 (77 versions)
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an …
Check whether concurrent-ruby is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for concurrent-ruby CVEs against the assets you own.
Start Free Scan →