diff --git a/app/controllers/workflows_controller.rb b/app/controllers/workflows_controller.rb
index bf78196c288..cc4f51081d4 100644
--- a/app/controllers/workflows_controller.rb
+++ b/app/controllers/workflows_controller.rb
@@ -57,7 +57,7 @@ class WorkflowsController < ApplicationController
 def update
 call = Workflows::BulkUpdateService
 .new(role: @role, type: @type)
- .call(params["status"])
+ .call(permitted_status_params)
 if call.success?
 flash[:notice] = I18n.t(:notice_successful_update)
@@ -148,4 +148,10 @@ class WorkflowsController < ApplicationController
 roles
 end
 end
+
+ def permitted_status_params
+ params["status"]
+ .to_unsafe_h
+ .select { |key, value| /\A\d+\z/.match?(key) && /\A\d+\z/.match?(value) }
+ end
 end
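Review bot: `permitted_status_params` in the second hunk raises instead of filtering when the `status` parameter is missing or has the wrong shape: `params["status"]` is `nil` when the key is absent and a `String` when it is sent as a scalar, neither of which responds to `to_unsafe_h`, and a value that is itself a nested hash or array reaches `Regexp#match?` and raises `TypeError`. Each of these turns a malformed request into a 500 where the old call site in the first hunk handed the raw value to the service, so I would guard the shape before filtering, as below, and let `Workflows::BulkUpdateService` receive an empty hash for a bad payload (whether it treats that as a no-op or a failure is not visible here). A short comment such as `# Keep only "<id>" => "<id>" pairs from the status form; any other key or value is dropped.` would also record why digit-only keys and values are the rule, assuming the pairs map a status id to a status id as the name suggests.
```ruby
  def permitted_status_params
    status = params["status"]
    return {} unless status.respond_to?(:to_unsafe_h)

    status
      .to_unsafe_h
      .select { |key, value| value.is_a?(String) && /\A\d+\z/.match?(key) && /\A\d+\z/.match?(value) }
  end
```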