FLAT-OV7QS – Vulnerability

OS Command Injection In activejob

Description

Active Job - Object injection security vulnerability Active Job vulnerability: An Active Job bug allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
gem	activejob	>=0 <4.2.0.beta2	4.2.0.beta2

References

1. https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-1123472. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/OSVDB-112347.yml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.