FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- Active Job vulnerability

Affected packages
rubygem-activejob4 < 4.2.11
rubygem-activejob5 < 5.1.6.1
rubygem-activejob50 < 5.0.7.1

Details

VuXML ID f96044a2-7df9-414b-9f6b-6e5b85d06c86
Discovery 2018-11-27
Entry 2018-12-02

Ruby on Rails blog:

Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible.

CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can cause Active Job to deserialize it using GlobalId and allow an attacker to have access to information that they should not have.

References

CVE Name CVE-2018-16476
URL https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/