4.0.2

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-17	CVE-2024-8796	Insufficient Entropy vulnerability in Tinfoilsecurity Devise-Two-Factor Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. network high complexity tinfoilsecurity CWE-331	5.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.