GHSA-mpwp-4h2m-765c (activejob): Active Job - Object injection security vulnerability if Global IDs

Active Job - Object injection security vulnerability if Global IDs

Published: September 29, 2014

SECURITY IDENTIFIERS

GHSA: GHSA-mpwp-4h2m-765c
OSVDB: OSVDB-112347

GEM

activejob

FRAMEWORK

Ruby on Rails

PATCHED VERSIONS

>= 4.2.0.beta2

DESCRIPTION

Active Job vulnerability: An Active Job bug allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

In release post: "Active Job vulnerability: We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
https://advisories.gitlab.com/pkg/gem/activejob/GHSA-mpwp-4h2m-765c
https://github.com/advisories/GHSA-mpwp-4h2m-765c

RubySec