GHSA-mpwp-4h2m-765c: Active Job - Object injection security vulnerability

January 16, 2026 (updated January 20, 2026)

Active Job vulnerability: An Active Job bug allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.

References

advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
github.com/advisories/GHSA-mpwp-4h2m-765c
github.com/rails/rails
github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/GHSA-mpwp-4h2m-765c.yml
github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/OSVDB-112347.yml

Code Behaviors & Features

Detect and mitigate GHSA-mpwp-4h2m-765c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →