activejob/test/cases/argument_serialization_test.rb · v6.0.2.1 · Rails relative code / rails-deleted-2

Sep 05, 2018

Do not deserialize GlobalID objects that were not generated by Active Job · 72300f97

Rafael Mendonça França authored Sep 05, 2018

Trusting any GlobaID object when deserializing jobs can allow
attackers to access information that should not be accessible to them.

Fix CVE-2018-16476.

72300f97

Do not deserialize GlobalID objects that were not generated by Active Job

Rafael Mendonça França authored Sep 05, 2018

Trusting any GlobaID object when deserializing jobs can allow
attackers to access information that should not be accessible to them.

Fix CVE-2018-16476.