FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- Active Job vulnerability

Affected packages
rubygem-activejob4 < 4.2.11
rubygem-activejob5 < 5.1.6.1
rubygem-activejob50 < 5.0.7.1

Details

VuXML ID f96044a2-7df9-414b-9f6b-6e5b85d06c86
Discovery 2018-11-27
Entry 2018-12-02

Ruby on Rails blog:

Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible

CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can cause Active Job to deserialize it using GlobalId and allow an attacker to have access to information that they should not have.

[source]

References

CVE Name CVE-2018-16476
URL https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.