oss-sec mailing list archives

CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS


From: Martin Prpic <mprpic () redhat com>
Date: Fri, 06 Mar 2015 14:49:05 +0100

Hello, I don't see a CVE assigned to this anywhere:

http://osvdb.org/show/osvdb/118954

"Ruby on Rails contains a flaw that is triggered when handling a to_json
call to ActiveModel::Name, which can cause an infinite loop. This may
allow a remote attacker to cause a denial of service."

This looks to link to the corresponding upstream issues:

https://github.com/rubysec/ruby-advisory-db/issues/130

Could a CVE please be assigned?

Thank you!

-- 
Martin Prpič / Red Hat Product Security

