History: Feb 13, 2013 - 1:55 a.m.

CVE-2013-0269

2013-02-13 01:55:05
CWE-20
web.nvd.nist.gov
json gem
ruby
denial of service
mass assignment
bypass
crafted json
nvd
cve-2013-0269

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7
Confidence: High

EPSS: 0.019
Percentile: 88.5%

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka “Unsafe Object Creation Vulnerability.”

Affected configurations

NVD
Node
rubygems json_gem Match 1.5.0
OR
rubygems json_gem Match 1.5.1
OR
rubygems json_gem Match 1.5.2
OR
rubygems json_gem Match 1.5.3
OR
rubygems json_gem Match 1.5.4
OR
rubygems json_gem Match 1.6.0
OR
rubygems json_gem Match 1.6.1
OR
rubygems json_gem Match 1.6.2
OR
rubygems json_gem Match 1.6.3
OR
rubygems json_gem Match 1.6.4
OR
rubygems json_gem Match 1.6.5
OR
rubygems json_gem Match 1.6.6
OR
rubygems json_gem Match 1.6.7
OR
rubygems json_gem Match 1.7.0
OR
rubygems json_gem Match 1.7.1
OR
rubygems json_gem Match 1.7.2
OR
rubygems json_gem Match 1.7.3
OR
rubygems json_gem Match 1.7.4
OR
rubygems json_gem Match 1.7.5
OR
rubygems json_gem Match 1.7.6

Vendor     Product    Version   CPE
rubygems   json_gem   1.7.4     cpe:/a:rubygems:json_gem:1.7.4:::
rubygems   json_gem   1.7.6     cpe:/a:rubygems:json_gem:1.7.6:::
rubygems   json_gem   1.5.2     cpe:/a:rubygems:json_gem:1.5.2:::
rubygems   json_gem   1.7.2     cpe:/a:rubygems:json_gem:1.7.2:::
rubygems   json_gem   1.7.3     cpe:/a:rubygems:json_gem:1.7.3:::
rubygems   json_gem   1.7.5     cpe:/a:rubygems:json_gem:1.7.5:::
rubygems   json_gem   1.6.3     cpe:/a:rubygems:json_gem:1.6.3:::
rubygems   json_gem   1.7.1     cpe:/a:rubygems:json_gem:1.7.1:::
rubygems   json_gem   1.5.1     cpe:/a:rubygems:json_gem:1.5.1:::
rubygems   json_gem   1.5.0     cpe:/a:rubygems:json_gem:1.5.0:::