CVE-2018-16476

CVE-2018-16476

Vendor N/A

Product https://github.com/rails/rails

Weakness CWE-284

Published November 30, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.

Key dates

02Disclosure timeline

November 30, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-16476

Related vulnerabilities

Identifiers

CVE CVE-2018-16476

CWE CWE-284

Affected versions

Vendor N/A

Product https://github.com/rails/rails

Affected 4.2.0 up to and before 4.2.11

Vendor N/A

Product https://github.com/rails/rails

Affected 4.2.0 up to and before 5.0.7.1

Vendor N/A

Product https://github.com/rails/rails

Affected 4.2.0 up to and before 5.1.6.1

Vendor N/A

Product https://github.com/rails/rails

Affected 4.2.0 up to and before 5.2.1.1

01Description

02Disclosure timeline

03References

04Related CVE