Access Restriction Bypass
Affecting activejob gem, versions >=4.2.0, <4.2.11 || >=5.0.0, <22.214.171.124 || >=5.1.1, <126.96.36.199 || >=5.2.0, <188.8.131.52
activejobdeclares job classes that can be run by a variety of queueing backends.
Affected versions of this package are vulnerable to Access Restriction Bypass. Carefully crafted user input can cause Active Job to deserialize it using GlobalId and allow an attacker to have access to information that they should not have.
activejob to version 4.2.11, 184.108.40.206, 220.127.116.11, 18.104.22.168 or higher.