Advisories for Gem/Activeresource package

2020

Information Exposure

There is a possible information disclosure issue in Active Resource that could allow an attacker to create specially crafted requests to access data and possibly leak information.

2008

Remote code execution and potential Denial of Service Vulnerability

Activeresource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered because format string specifiers (e.g. %s and %x) in user-supplied input are not properly sanitized when passed via the result.code and result.message variables. This may allow a remote attacker to cause a denial of service or potentially execute arbitrary code.