Date: Sun, 10 Jan 2016 18:29:54 -0800
From: Reed Loden <>
	Assign a CVE Identifier <>
Subject: CVE request: Arbitrary search execution in ruby gems auto_select2
 <0.5.0 and auto_awesomeplete <=0.0.3

Another RubySec contributor noticed this --

The auto_select2 and auto_awesomeplete Gems for Ruby contain a flaw that is
triggered when handling the 'params[:default_class_name]' option. This
allows users to search any object of all given ActiveRecord classes.

* Homepage:
* Download:
* Reported in:
* Fixed by:
* Fixed in: v0.5.0

* Homepage:
* Download:
* Reported in:
* Still unfixed.

Needs a CVE assigned.
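
The class of flaw described in the message above, as an added illustration that is not code from auto_select2, auto_awesomeplete, or the original post: a request parameter chooses which class gets searched, shown next to an allowlisted form. `City`, `User`, `SEARCHABLE`, `unsafe_search` and `safe_search` are hypothetical names, and the plain Ruby classes with constructed rows stand in for ActiveRecord models.

```ruby
# Constructed stand-ins for ActiveRecord models (hypothetical, not from either gem).
class City
  ROWS = ["Berlin", "Bern", "Boston"].freeze
  def self.search(term)
    ROWS.grep(/\A#{Regexp.escape(term)}/i)
  end
end

class User
  ROWS = ["alice@example.test", "bob@example.test"].freeze
  def self.search(term)
    ROWS.grep(/\A#{Regexp.escape(term)}/i)
  end
end

# Pattern of the reported flaw: the class to search is taken straight from
# the request, so any loaded model can be queried through the endpoint.
def unsafe_search(params)
  # Object.const_get plays the role of String#constantize here (assumption).
  klass = Object.const_get(params[:default_class_name].to_s)
  klass.search(params[:term].to_s)
end

# Hardened form: the client sends a key, and the server maps it to a class
# through a fixed allowlist. Anything not listed is rejected.
SEARCHABLE = { "city" => City }.freeze

class UnsearchableClass < StandardError; end

def safe_search(params)
  key = params[:default_class_name].to_s.downcase
  klass = SEARCHABLE.fetch(key) do |missing|
    raise UnsearchableClass, "class not exposed for search: #{missing.inspect}"
  end
  klass.search(params[:term].to_s)
end
```
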

