Date: Fri, 06 Mar 2015 14:49:05 +0100
From: Martin Prpic <>
To: "oss-security" <>
Subject: CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS

Hello, I don't see a CVE assigned to this anywhere:

"Ruby on Rails contains a flaw that is triggered when handling a to_json
call to ActiveModel::Name, which can cause an infinite loop. This may
allow a remote attacker to cause a denial of service."

This looks to link to the corresponding upstream issues:

Could a CVE be please assigned?

Thank you!

Martin Prpič / Red Hat Product Security
