GHSA-mpwp-4h2m-765c

Опубликовано: 16 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 6.6

Описание

Active Job - Object injection security vulnerability

Active Job vulnerability: An Active Job bug allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

Ссылки

https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/GHSA-mpwp-4h2m-765c.yml
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/OSVDB-112347.yml

Пакеты

Наименование

activejob

rubygems

Затронутые версииВерсия исправления

< 4.2.0.beta2

4.2.0.beta2

6.6 Medium

CVSS4

Дефекты

CWE-74

6.6 Medium

CVSS4

Дефекты

CWE-74