oss-sec mailing list archives
CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS
From: Martin Prpic <mprpic () redhat com>
Date: Fri, 06 Mar 2015 14:49:05 +0100
Hello,

I don't see a CVE assigned to this anywhere:

http://osvdb.org/show/osvdb/118954

"Ruby on Rails contains a flaw that is triggered when handling a to_json call to ActiveModel::Name, which can cause an infinite loop. This may allow a remote attacker to cause a denial of service."

This looks to link to the corresponding upstream issues:

https://github.com/rubysec/ruby-advisory-db/issues/130

Could a CVE be please assigned? Thank you!

--
Martin Prpič / Red Hat Product Security