Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Deserialization of Untrusted Data Vulnerability - CVE-2018-16476 - Vulnerability Database
Ruby on Rails

Ruby on Rails Deserialization of Untrusted Data Vulnerability - CVE-2018-16476

High
Reference: CVE-2018-16476
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-16476
Title: Ruby on Rails Deserialization of Untrusted Data Vulnerability
Overview:

A Broken Access Control vulnerability in Active Job versions gt 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11 5.0.7.1 5.1.6.1 and 5.2.1.1.