Design/Logic Flaw

stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...

StimulusReflex arbitrary method call

Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...

PT-2024-22275

Name of the Vulnerable Software and Affected Versions stimulus reflex versions prior to 3.4.2 stimulus reflex versions prior to 3.5.0.rc4 Description The issue allows more methods than expected to be called on reflex instances, which has security implications. To invoke a reflex, a websocket...

StimulusReflex Security Vulnerability

StimulusReflex is a system that extends the functionality of Rails and Stimulus by intercepting user interactions and passing them to Rails via a live websocket. A security vulnerability exists in StimulusReflex 3.4.1 and earlier, 3.5.0.rc3 and earlier, which stems from a vulnerability that allow...