FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- Active Job vulnerability

Affected packages
rubygem-activejob4 < 4.2.11
rubygem-activejob5 <
rubygem-activejob50 <


VuXML ID f96044a2-7df9-414b-9f6b-6e5b85d06c86
Discovery 2018-11-27
Entry 2018-12-02

Ruby on Rails blog:

Rails 4.2.11,, and have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible

CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can cause Active Job to deserialize it using GlobalId and allow an attacker to have access to information that they should not have.


CVE Name CVE-2018-16476