Ruby On Rails · Rails · CVE-2020-8164
**Name of the Vulnerable Software and Affected Versions**
rails versions 5.0.0 through 5.2.4.2
rails versions 6.0.0 through 6.0.3
**Description**
A deserialization of untrusted data issue exists in `strong_parameters.rb` that allows user-supplied information to leak out of Strong Parameters. On the affected versions, the return value of `each`, `each_value`, or `each_pair` on an `ActionController::Parameters` object is not a filtered `Parameters` object but the underlying, unfiltered hash of request data. An application that uses that return value (for example, passing the result of `params.each { ... }` on to a model) therefore operates on untrusted user input as though it had been permitted, so a remote attacker can supply extra parameters that bypass the Strong Parameters allow-list.
**Recommendations**
For rails versions 5.0.0 through 5.2.4.2, update to version 5.2.4.3 or later.
For rails versions 6.0.0 through 6.0.3, update to version 6.0.3.1 or later.
As a temporary workaround, do not use the return values of `each`, `each_value`, or `each_pair` on `params` anywhere in your application; iterate with these methods for side effects only, and obtain filtered data through an explicit `permit` call. Restrict the use of these methods to minimize the risk of exploitation.
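The pattern described above and the workaround, as an added example that is not Rails' own code. `Params` is a stand-in for `ActionController::Parameters` that models only the behaviour at issue: the `vulnerable:` flag selects whether `each`/`each_pair`/`each_value` return the raw hash, as on the affected versions, or `self`, as on the fixed ones. `User` mimics ActiveModel's forbidden-attributes check, and the request parameters are constructed to include an `is_admin` key the form never sends.

```ruby
# Added example for CVE-2020-8164; none of this is Rails' own code.
# Params is a stand-in for ActionController::Parameters that models only
# the behaviour at issue: on affected versions `each`/`each_pair`/`each_value`
# returned the underlying unfiltered hash; the fix returns self instead.
class Params
  class ForbiddenAttributesError < StandardError; end

  def initialize(raw, permitted: false, vulnerable: true)
    @parameters = raw.transform_keys(&:to_s)
    @permitted = permitted
    @vulnerable = vulnerable
  end

  def permitted?
    @permitted
  end

  def to_h
    @parameters.dup
  end

  # Affected versions returned Hash#each_pair's result, i.e. the raw hash.
  def each_pair
    return to_enum(:each_pair) unless block_given?
    result = @parameters.each_pair { |k, v| yield k, v }
    @vulnerable ? result : self
  end
  alias each each_pair

  def each_value
    return to_enum(:each_value) unless block_given?
    result = @parameters.each_value { |v| yield v }
    @vulnerable ? result : self
  end

  # Explicit allow-list: only these keys survive, and the result is permitted.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    Params.new(@parameters.select { |k, _| allowed.include?(k) },
               permitted: true, vulnerable: @vulnerable)
  end
end

# Mimics ActiveModel's ForbiddenAttributesProtection: a Parameters-like object
# must be permitted, while a plain Hash is mass-assigned without any check.
class User
  attr_reader :attributes

  def initialize
    @attributes = { "name" => nil, "is_admin" => false }
  end

  def update(attrs)
    if attrs.respond_to?(:permitted?) && !attrs.permitted?
      raise Params::ForbiddenAttributesError, "unpermitted parameters"
    end
    attrs.to_h.each { |k, v| @attributes[k.to_s] = v }
    self
  end
end

# The mistaken pattern from the advisory: the caller uses `each`'s return value.
def clean_up_params(params)
  params.each { |_k, v| v.strip! if v.is_a?(String) }
end

def update_user_vulnerable(params)
  User.new.update(clean_up_params(params))
end

# Workaround: iterate for side effects only and hand the model a permitted set.
def update_user_safe(params)
  params.each_value { |v| v.strip! if v.is_a?(String) }
  User.new.update(params.permit(:name))
end

# Constructed request: the attacker adds is_admin alongside the expected name.
def attacker_params(vulnerable:)
  Params.new({ "name" => " alice ".dup, "is_admin" => "true".dup },
             vulnerable: vulnerable)
end

def run_vulnerable_pattern(vulnerable:)
  update_user_vulnerable(attacker_params(vulnerable: vulnerable)).attributes
end

def run_safe_pattern
  update_user_safe(attacker_params(vulnerable: true)).attributes
end

if __FILE__ == $PROGRAM_NAME
  p run_vulnerable_pattern(vulnerable: true)   # is_admin reaches the model
  begin
    run_vulnerable_pattern(vulnerable: false)
  rescue Params::ForbiddenAttributesError => e
    puts "fixed Rails: #{e.message}"
  end
  p run_safe_pattern
end
```

On the affected versions the `clean_up_params` helper hands the model a plain hash, so the attacker's `is_admin` is mass-assigned; on a fixed version the same code returns an unpermitted `Parameters` object and the model raises, which is the signal that the return value was being misused. The safe variant never relies on the return value at all.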