Date: Fri, 06 Mar 2015 14:49:05 +0100
From: Martin Prpic <mprpic@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS

Hello, I don't see a CVE assigned to this anywhere:

http://osvdb.org/show/osvdb/118954

"Ruby on Rails contains a flaw that is triggered when handling a to_json
call to ActiveModel::Name, which can cause an infinite loop. This may
allow a remote attacker to cause a denial of service."

This looks to link to the corresponding upstream issues:

https://github.com/rubysec/ruby-advisory-db/issues/130

Could a CVE please be assigned?

Thank you!

-- 
Martin Prpič / Red Hat Product Security
