GMS-2016-5: Arbitrary search execution

January 8, 2016

The gem contains a flaw that is triggered when handling the params[:default_class_name] option. This allows users to search any object of all given ActiveRecord classes.

References

github.com/Tab10id/auto_awesomplete/issues/2

Detect and mitigate GMS-2016-5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →