DEBIAN-CVE-2018-16476

DEBIAN-CVE-2018-16476 PUBLISHED CVSS 7.5 HIGH

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:14	rails	0, 0, 0
Debian:12	rails	0, 0, 0
Debian:11	rails	0, 0, 0
Debian:13	rails	0, 0, 0

Timeline

Nov 30, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-16476 advisory

Open in Interactive Console →