With a bit of experimentation, I discovered that adding &script_name=https://www.example.com to a page with will_paginate links would result in the links being rewritten to be https://www.example.com... instead of the intended site. I guess someone could use this in a social engineering attack by sending someone a link with &script_name being a malicious site and hoping they click on the pagination links and getting fooled, but I'm not sure if it's any worse than that.
Apparently there was a security issue fixed here: mislav/will_paginate@ec9b985 and here: mislav/will_paginate@ab55687
It looks like versions before 3.1.2, 3.0.9, and are vulnerable, but this has no CVE and I'm not sure exactly what the vulnerability was.
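The behaviour reported above, as an added example that is not part of the original issue and not will_paginate's or Rails' code: a simplified model of a pagination helper that merges request parameters into URL-building options, next to a version that drops reserved option names first. `build_link`, `page_link_unsafe`, `page_link_safe` and the sample parameters are hypothetical; the assumption is that the helper passes request parameters to a `url_for`-style builder that treats `script_name` as a path prefix.

```ruby
require "uri"

# Option names that Rails URL generation treats as directives for building
# the URL rather than as ordinary query parameters.
RESERVED_URL_OPTIONS = %w[
  script_name original_script_name host protocol port subdomain domain
  tld_length only_path anchor trailing_slash params
].freeze

# Simplified stand-in for a url_for-style helper (a model, not Rails code):
# "script_name" is prepended to the path, every other key becomes query string.
def build_link(path, options)
  opts = options.transform_keys(&:to_s)
  prefix = opts.delete("script_name").to_s
  query = URI.encode_www_form(opts.sort)
  query.empty? ? "#{prefix}#{path}" : "#{prefix}#{path}?#{query}"
end

# Pattern that reproduces the report: request parameters are merged
# straight into the helper's options, so the client controls the prefix.
def page_link_unsafe(path, request_params, page)
  build_link(path, request_params.merge("page" => page))
end

# Hardened pattern: reserved option names are removed from the
# client-supplied parameters before they reach the URL builder.
def page_link_safe(path, request_params, page)
  clean = request_params.reject { |k, _| RESERVED_URL_OPTIONS.include?(k.to_s) }
  build_link(path, clean.merge("page" => page))
end

# Constructed sample request parameters, using the value from the report.
SAMPLE_PARAMS = { "q" => "ruby", "script_name" => "https://www.example.com" }.freeze

if __FILE__ == $PROGRAM_NAME
  puts page_link_unsafe("/posts", SAMPLE_PARAMS, 2)
  puts page_link_safe("/posts", SAMPLE_PARAMS, 2)
end
```

In an application that cannot upgrade yet, the same filtering can be applied to the parameters before they are handed to the pagination helper.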