OSVDB-112347: Object Injection

September 29, 2014

A flaw in Active Job that can allow string arguments to be deserialized as if they were Global IDs. This may allow a remote attacker to inject arbitrary objects.

References

weblog.rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released/

Detect and mitigate OSVDB-112347 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →