CVE-2018-16476

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-16476
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16476.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16476
Aliases
Published
2018-11-30T19:29:00Z
Modified
2024-06-06T12:10:58.645698Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.

References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type
GIT
Repo
https://github.com/rails/rails
Events

Affected versions

v5.*

v5.0.0
v5.0.0.1
v5.0.1
v5.0.1.rc1
v5.0.1.rc2
v5.0.2
v5.0.2.rc1
v5.0.3
v5.0.4
v5.0.4.rc1
v5.0.5
v5.0.5.rc1
v5.0.5.rc2
v5.0.6
v5.0.7