Date: Fri, 06 Mar 2015 14:49:05 +0100 From: Martin Prpic <mprpic@...hat.com> To: "oss-security\@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS Hello, I don't see a CVE assigned to this anywhere: http://osvdb.org/show/osvdb/118954 "Ruby on Rails contains a flaw that is triggered when handling a to_json call to ActiveModel::Name, which can cause an infinite loop. This may allow a remote attacker to cause a denial of service." This looks to link to the corresponding upstream issues: https://github.com/rubysec/ruby-advisory-db/issues/130 Could a CVE be please assigned? Thank you! -- Martin Prpič / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ