Description
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)
WordPress Plugin WooCommerce Object Injection (2.3.10)
WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (3.2.3)
MySQL CVE-2024-21135 Vulnerability (CVE-2024-21135)
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412)