author: Rafael Mendonça França <rafaelmfranca@gmail.com>, 2018-09-05 17:38:09 -0400
committer: Rafael Mendonça França <rafaelmfranca@gmail.com>, 2018-11-27 15:28:41 -0500
commit: 72300f9742745f9535b06d45a9632e948ed7d79b
tree: 7d1f203574ac445f8532e68f9b75886f2d282b61 /activestorage/test/controllers
parent: ddaca7ccec208ee80652e696e001671fd6e735f9
Do not deserialize GlobalID objects that were not generated by Active Job
Trusting any GlobalID object when deserializing jobs can allow attackers to access information that should not be accessible to them. Fix CVE-2018-16476.
Diffstat (limited to 'activestorage/test/controllers')
0 files changed, 0 insertions, 0 deletions