Active Job - Object injection security vulnerability if Global IDs
Published: September 29, 2014
SECURITY IDENTIFIERS
- OSVDB: OSVDB-112347
- Vendor Advisory: https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
GEM
PATCHED VERSIONS
>= 4.2.0.beta2
DESCRIPTION
- In release post: "Active Job vulnerability: We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.