CVE-2018-16476 - Medium Severity Vulnerability
Vulnerable Library - rails-5.2.1.gem
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
path: /tmp/git/chaltron/Gemfile.lock
Library home page: https://rubygems.org/gems/rails-5.2.1.gem
Dependency Hierarchy:
- bootstrap_form-4.0.0.gem (Root Library)
  - :x: **rails-5.2.1.gem** (Vulnerable Library)

Vulnerability Details
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.
Publish Date: 2018-11-30
URL: CVE-2018-16476
CVSS 2 Score Details (5.5)
Base Score Metrics not available