Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS

2015.03.06
Credit: Maertin
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Ruby on Rails contains a flaw that is triggered when handling a to_json call to ActiveModel::Name, which can cause an infinite loop. This may allow a remote attacker to cause a denial of service. Previously, calling User.model_name.to_json would result in an infinite recursion, as .model_name did not respond to .to_json. This patch fixes that unexpected behavior by delegating .to_json to the correct handler.

activemodel/lib/active_model/naming.rb @@ -130,7 +130,7 @@ class Name # # Equivalent to +to_s+. delegate :==, :===, :<=>, :=~, :"!~", :eql?, :to_s, - :to_str, to: :name + :to_str, :as_json, to: :name # Returns a new ActiveModel::Name instance. By default, the +namespace+ # and +name+ option will take the namespace and name of the given class activemodel/test/cases/serializers/json_serialization_test.rb @@ -195,4 +195,8 @@ def @contact.as_json(options = {}); super(options.merge(only: [:name])); end assert_no_match %r{"awesome":}, json assert_no_match %r{"preferences":}, json end + + test "Class.model_name should be json encodable" do + assert_match %r{"Contact"}, Contact.model_name.to_json + end end
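Review bot: in the naming.rb hunk the doc comment above the delegate list, "# Equivalent to +to_s+.", no longer describes the list once :as_json is added to it; extend the comment to say that a Name also serialises as its name string. Delegating :as_json rather than :to_json is the right choice: the test hunk exercises Contact.model_name.to_json, which only passes because to_json routes through as_json, so both the direct call and a Name embedded inside a larger structure now serialise to the string instead of falling back to the generic object walk that recursed.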
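Review bot: in the json_serialization_test.rb hunk, assert_match %r{"Contact"} is looser than it needs to be; any JSON containing the substring "Contact" (for example a hash of instance variables with a "name":"Contact" entry) would also pass. Prefer an exact check, assert_equal '"Contact"', Contact.model_name.to_json, so the test pins the delegated string form rather than just the presence of the name.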

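The recursion described above, as an added example that is not Rails code: a stripped-down reconstruction in which the generic serialiser is modelled on ActiveSupport's instance-variable fallback for objects without their own as_json, and the reference cycle is assumed to run through the Name object's back-reference to its model class and the class's memoised model_name (an assumption about the cause; the real Rails internals differ in detail). VulnerableName, FixedName, build_model and encode_model_name are hypothetical names for this illustration.

```ruby
require 'json'

# Generic fallback modelled on ActiveSupport's Object#as_json: an object with no
# as_json of its own is serialised by walking its instance variables (reconstruction).
def as_json(obj)
  case obj
  when String, Numeric, NilClass, TrueClass, FalseClass then obj
  when Hash  then obj.each_with_object({}) { |(k, v), h| h[k.to_s] = as_json(v) }
  when Array then obj.map { |v| as_json(v) }
  else
    return obj.as_json if obj.respond_to?(:as_json)
    obj.instance_variables.each_with_object({}) do |iv, h|
      h[iv.to_s.delete('@')] = as_json(obj.instance_variable_get(iv))
    end
  end
end

# Stand-in for the pre-patch ActiveModel::Name: keeps a reference to the model
# class and delegates to_s to the name string, but not as_json.
class VulnerableName
  def initialize(klass, name)
    @klass = klass   # back-reference to the model class
    @name  = name
  end
  def to_s; @name; end
end

# The patched behaviour: as_json is delegated to the name string.
class FixedName < VulnerableName
  def as_json; @name; end
end

# Constructed model class (not a Rails model). Assumes, as ActiveModel::Naming does,
# that model_name is memoised on the class, closing the cycle:
# class -> @_model_name -> Name -> @klass -> class.
def build_model(name_class)
  klass = Class.new
  klass.define_singleton_method(:model_name) do
    @_model_name ||= name_class.new(self, 'Contact')
  end
  klass
end

# Encode the model's Name the way to_json would; report the recursion instead
# of letting the SystemStackError escape.
def encode_model_name(name_class)
  as_json(build_model(name_class).model_name).to_json
rescue SystemStackError
  :infinite_recursion
end
```

encode_model_name(VulnerableName) hits the cycle and returns :infinite_recursion, while encode_model_name(FixedName) returns the string '"Contact"' that the patched test expects.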
References:

https://github.com/rails/rails/pull/19055
http://seclists.org/oss-sec/2015/q1/770
