Ruby/activejob/5.1.5
Declare job classes that can be run by a variety of queuing backends.
https://rubygems.org/gems/activejob
MIT
1 Security Vulnerability
Improper Access Control in activejob
Published date: 2018-12-05T17:24:27Z
CVE: CVE-2018-16476
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16476
- https://github.com/advisories/GHSA-q2qw-rmrh-vv42
- https://access.redhat.com/errata/RHSA-2019:0600
- https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ
- https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml
- https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
- https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.
Affected versions:
["5.2.1", "5.2.1.rc1", "5.2.0", "5.1.6", "5.1.5", "5.1.5.rc1", "5.1.4", "5.1.4.rc1", "5.1.3", "5.1.3.rc3", "5.1.3.rc2", "5.1.3.rc1", "5.1.2", "5.1.2.rc1", "5.1.1", "5.1.0", "5.0.7", "5.0.6", "5.0.6.rc1", "5.0.5", "5.0.5.rc2", "5.0.5.rc1", "5.0.4", "5.0.4.rc1", "5.0.3", "5.0.2", "5.0.2.rc1", "5.0.1", "5.0.1.rc2", "5.0.1.rc1", "5.0.0.1", "5.0.0", "4.2.10", "4.2.10.rc1", "4.2.9", "4.2.9.rc2", "4.2.9.rc1", "4.2.8", "4.2.8.rc1", "4.2.7.1", "4.2.7", "4.2.7.rc1", "4.2.6", "4.2.6.rc1", "4.2.5.2", "4.2.5.1", "4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 0, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 6.1.4.4, 6.0.4.4, 7.0.0, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation:
Update to version 7.1.3.2.
215 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
4.2.2 | MIT | 1 | 2015-06-16 - 18:02 | almost 9 years |
4.2.1 | MIT | 1 | 2015-03-19 - 16:41 | about 9 years |
4.2.1.rc4 | MIT | 1 | 2015-03-12 - 21:25 | about 9 years |
4.2.1.rc3 | MIT | 1 | 2015-03-02 - 21:35 | about 9 years |
4.2.1.rc2 | MIT | 1 | 2015-02-25 - 22:19 | about 9 years |
4.2.1.rc1 | MIT | 1 | 2015-02-20 - 22:20 | about 9 years |
4.2.0 | MIT | 1 | 2014-12-20 - 00:15 | over 9 years |
4.2.0.rc3 | MIT | | 2014-12-13 - 02:58 | over 9 years |
4.2.0.rc2 | MIT | | 2014-12-05 - 23:20 | over 9 years |
4.2.0.rc1 | MIT | | 2014-11-28 - 17:53 | over 9 years |
4.2.0.beta4 | MIT | | 2014-10-30 - 22:12 | over 9 years |
4.2.0.beta3 | MIT | | 2014-10-30 - 18:36 | over 9 years |
4.2.0.beta2 | MIT | | 2014-09-26 - 18:00 | over 9 years |
4.2.0.beta1 | MIT | | 2014-08-20 - 02:34 | over 9 years |
0 | MIT | | 2014-05-20 - 18:10 | almost 10 years |