@boffbowsh
Last active August 29, 2015 14:23
curl / wget this (retaining the name) into `config/initializers` to fix the CVE-2015-3226 vulnerability in Rails 3.2.22 apps
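```ruby
# Fail at boot once the app moves off Rails 3.2.22, so this patch gets re-checked.
raise "Check monkey patch for CVE-2015-3226 is still needed" unless Rails::VERSION::STRING == '3.2.22'

module ActiveSupport
  module JSON
    module Encoding
      private

      class EscapedString
        # Return the receiver itself rather than a converted copy.
        def to_s
          self
        end
      end
    end
  end
end
```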
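
Why returning `self` from `to_s` matters, shown in plain Ruby as an added example (not part of the gist and not Rails code): Ruby's built-in `String#to_s` turns a `String` subclass instance into a plain `String`, which drops any `to_json` the subclass overrides. `Escaped`, `EscapedKeepingClass`, `encode_pairs` and the sample key are hypothetical, and the example assumes the patched class is a `String` subclass, which the gist itself does not show.

```ruby
require "json"

# Hypothetical stand-in for an escaping String subclass (assumption, not Rails code).
class Escaped < String
  HTML_ESCAPES = { "<" => '\u003c', ">" => '\u003e', "&" => '\u0026' }.freeze

  # Serialise as a JSON string, then escape HTML-significant characters.
  def to_json(*)
    String.new(self).to_json.gsub(/[<>&]/, HTML_ESCAPES)
  end
end

# The same class with the override the gist applies: to_s keeps the subclass.
class EscapedKeepingClass < Escaped
  def to_s
    self
  end
end

# Hypothetical minimal encoder: it normalises each key with to_s before
# encoding it, which is the step where a String subclass can be lost.
def encode_pairs(pairs)
  body = pairs.map { |key, value| "#{key.to_s.to_json}:#{value.to_json}" }
  "{#{body.join(',')}}"
end

CONSTRUCTED_KEY = "<b>&" # constructed sample input

# Encode the same key with and without the to_s override.
def demo
  {
    without_override: encode_pairs([[Escaped.new(CONSTRUCTED_KEY), 1]]),
    with_override: encode_pairs([[EscapedKeepingClass.new(CONSTRUCTED_KEY), 1]])
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |label, json| puts "#{label}: #{json}" }
end
```

Without the override the key reaches the encoder as a plain `String` and is emitted unescaped; with it, the subclass's `to_json` still runs.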
tijmenb commented Jun 17, 2015

curl "https://gist.githubusercontent.com/boffbowsh/073d4f36f8677304fa9f/raw/2004d7ae38969ccc793386141a3a90b75d03a8b4/cve_2015_3226_fix.rb" > config/initializers/cve_2015_3226_fix.rb