violet_rails
Investigate if CVE-2024-0227 is relevant
I'm a pentester from Radically Open Security.
We recently reported a 2FA bypass vulnerability in the devise-two-factor library; see the GHSA-chcr-x7hc-8fp8 advisory and my writeup.
Since Violet Rails uses the devise-two-factor library for 2FA authentication, we recommend looking into this as a potential security problem you could be affected by. Please note that we have not further analyzed your project code.
Relevant gem definition: https://github.com/restarone/violet_rails/blob/ed4656fa50f3461ca9e97e6d88944c7f5417c89e/Gemfile#L123