Date: Fri, 06 Mar 2015 14:49:05 +0100 From: Martin Prpic <mprpic@...hat.com> To: "oss-security\@lists.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS Hello, I don't see a CVE assigned to this anywhere: http://osvdb.org/show/osvdb/118954 "Ruby on Rails contains a flaw that is triggered when handling a to_json call to ActiveModel::Name, which can cause an infinite loop. This may allow a remote attacker to cause a denial of service." This looks to link to the corresponding upstream issues: https://github.com/rubysec/ruby-advisory-db/issues/130 Could a CVE be please assigned? Thank you! -- Martin Prpič / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.