Arbitrary search execution
The gem contains a flaw that is triggered when handling the params[:default_class_name] option. This allows users to search any object of all given ActiveRecord classes.
Advisories for Gem/Auto_select2 package
2016
The gem contains a flaw that is triggered when handling the params[:default_class_name] option. This allows users to search any object of all given ActiveRecord classes.