stimulus_reflex is vulnerable to Unsafe Reflection. The vulnerability is due to insufficient validation of methods that can be called on Reflex instances. This vulnerability allows attackers to execute methods not intended for client-side interaction.
seclists.org/fulldisclosure/2024/Mar/16
github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83
github.com/stimulusreflex/stimulus_reflex/commit/538582d240439aab76066c72335ea92096cd0c7f
github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2
github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4
github.com/stimulusreflex/stimulus_reflex/security/advisories/GHSA-f78j-4w3g-4q65
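
The unsafe-reflection pattern described in the advisory text, shown beside an allowlisted dispatcher. This is an added illustration, not code from stimulus_reflex or its patch; `BaseReflex`, `CounterReflex`, `dispatch_unsafe`, `dispatch_safe`, `callable_actions` and `ActionNotAllowed` are hypothetical names, and the allowlist rule (public methods declared below the base class) is an assumption about one reasonable policy.

```ruby
# Constructed stand-ins for a framework base class and an app subclass.
# All names here are hypothetical; this is not StimulusReflex source.
class BaseReflex
  attr_reader :log

  def initialize
    @log = []
  end

  # Framework-internal helper, not meant to be triggered by a client.
  def internal_cleanup
    @log << :internal_cleanup
  end
end

class CounterReflex < BaseReflex
  def increment
    @log << :increment
  end

  private

  def reset_all
    @log << :reset_all
  end
end

class ActionNotAllowed < StandardError; end

# Weak form: the client-supplied name goes straight to `send`, which also
# reaches private methods and everything inherited from the base and Object.
def dispatch_unsafe(reflex, method_name, args = [])
  reflex.send(method_name, *args)
end

# Allowlist: public methods declared on classes below the base class only.
def callable_actions(reflex_class, base = BaseReflex)
  return [] unless reflex_class < base
  reflex_class.ancestors.take_while { |a| a != base }
              .select { |a| a.is_a?(Class) }
              .flat_map { |k| k.public_instance_methods(false) }.map(&:to_s)
end

# Hardened form: reject anything outside the allowlist before dispatching.
def dispatch_safe(reflex, method_name, args = [])
  name = method_name.to_s
  unless callable_actions(reflex.class).include?(name)
    raise ActionNotAllowed, "#{reflex.class}##{name} is not client-callable"
  end
  reflex.public_send(name, *args)
end
```

Rejected calls raise `ActionNotAllowed` before any method runs, which gives a single place to log the requested name for detection.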