RubySec

Providing security resources for the Ruby community

OSVDB-112347 (activejob): Active Job - Object injection security vulnerability if Global IDs

ADVISORIES

GEM

activejob

PATCHED VERSIONS

  • >= 4.2.0.beta2

DESCRIPTION

  • In release post: "Active Job vulnerability: We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories