Message-ID: <878ufakzhq.fsf@redhat.com>
Date: Fri, 06 Mar 2015 14:49:05 +0100
From: Martin Prpic <mprpic@...hat.com>
To: "oss-security\@lists.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS

Hello, I don't see a CVE assigned to this anywhere:

http://osvdb.org/show/osvdb/118954

"Ruby on Rails contains a flaw that is triggered when handling a to_json
call to ActiveModel::Name, which can cause an infinite loop. This may
allow a remote attacker to cause a denial of service."

This looks to link to the corresponding upstream issues:

https://github.com/rubysec/ruby-advisory-db/issues/130

Could a CVE please be assigned?

Thank you!

-- 
Martin Prpič / Red Hat Product Security
