RubySec

Providing security resources for the Ruby community

OSVDB-132800 (auto_select2): auto_select2 Gem for Ruby allows arbitrary search execution

GEM

auto_select2

PATCHED VERSIONS

  • >= 0.5.0

DESCRIPTION

The auto_select2 Gem for Ruby contains a flaw that is triggered when handling the 'params[:default_class_name]' option: the class name to search is taken from the request, so a user can choose which ActiveRecord class is queried. This allows users to search any object of all given ActiveRecord classes, not only the one the application intended to expose through the widget.
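The pattern behind this class of flaw, as an added example that is not the auto_select2 gem's own code: a minimal search action whose model comes from params[:default_class_name], shown in its vulnerable shape beside an allowlisted one. The in-memory model classes, the method names search_unsafe and search_allowlisted, and the sample records are all constructed for this illustration.

```ruby
# Constructed stand-in for ActiveRecord models so the example runs offline.
class FakeModel
  def self.records; @records ||= []; end
  def self.seed(*names); names.each { |n| records << { name: n } }; self; end
  # Case-insensitive name search, standing in for a where/LIKE query.
  def self.search(term)
    records.select { |r| r[:name].downcase.include?(term.to_s.downcase) }
  end
end

class Product       < FakeModel; end
class Category      < FakeModel; end
class ApiCredential < FakeModel; end   # constructed: never meant to be searchable

Product.seed("Red widget", "Blue widget")
Category.seed("Widgets")
ApiCredential.seed("prod-key-REDACTED")

# Vulnerable shape: whatever class name the request supplies is resolved and
# searched, so the client, not the application, decides which table is queried.
def search_unsafe(params)
  Object.const_get(params[:default_class_name]).search(params[:q])
end

# Hardened shape: the application declares the searchable models once and the
# request may only pick among them; any other name is rejected before a query
# runs (in a real controller, log it as well, since it is a probe worth seeing).
SEARCHABLE = { "Product" => Product, "Category" => Category }.freeze

def search_allowlisted(params)
  name  = params[:default_class_name].to_s
  klass = SEARCHABLE.fetch(name) do
    raise ArgumentError, "#{name.inspect} is not a searchable class"
  end
  klass.search(params[:q])
end
```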