CVE-2013-0269

Published: Feb 13, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Vendor: n/a
Product: n/a
Versions: affected, n/a

References

RHSA-2013:0701 (vendor-advisory, x_refsource_REDHAT)
openSUSE-SU-2013:0603 (vendor-advisory, x_refsource_SUSE)
APPLE-SA-2013-10-22-5 (vendor-advisory, x_refsource_APPLE)
SSA:2013-075-01 (vendor-advisory, x_refsource_SLACKWARE)
52774 (third-party-advisory, x_refsource_SECUNIA)
90074 (vdb-entry, x_refsource_OSVDB)
52902 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2013:0686 (vendor-advisory, x_refsource_REDHAT)
57899 (vdb-entry, x_refsource_BID)
USN-1733-1 (vendor-advisory, x_refsource_UBUNTU)
SUSE-SU-2013:0609 (vendor-advisory, x_refsource_SUSE)
RHSA-2013:1028 (vendor-advisory, x_refsource_REDHAT)
json-ruby-security-bypass(82010) (vdb-entry, x_refsource_XF)
RHSA-2013:1147 (vendor-advisory, x_refsource_REDHAT)
52075 (third-party-advisory, x_refsource_SECUNIA)
SUSE-SU-2013:0647 (vendor-advisory, x_refsource_SUSE)
