CVE-2013-0269

🗓️ 13 Feb 2013 01:00:00Reported by redhatType

The JSON gem for Ruby allows remote attackers to trigger denial of service or bypass mass assignment protection by crafting JSON document which leads to creation of arbitrary Ruby symbols or internal objects, allowing SQL injection attack against Ruby on Rails

Reporter	Title	Published	Views	Family All 79
Amazon	Medium: ruby20	12 Aug 202000:00	–	amazon
Amazon	Important: ruby24	31 Aug 202000:00	–	amazon
Amazon	Medium: rubygem-json	31 Aug 202000:00	–	amazon
Amazon	Medium: ruby19, ruby21	31 Aug 202000:00	–	amazon
Amazon	Medium: ruby	24 May 202100:00	–	amazon
Amazon	Important: ruby	25 Sep 202300:00	–	amazon
FreeBSD	Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON	11 Feb 201300:00	–	freebsd
CVE	CVE-2013-0269	13 Feb 201301:00	–	cve
Debian	[SECURITY] [DLA 215-1] libjson-ruby security update	30 Apr 201516:34	–	debian
Debian	[SECURITY] [DLA 2192-1] ruby2.1 security update	30 Apr 202022:01	–	debian

Source	Link
lists	www.lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
rhn	www.rhn.redhat.com/errata/RHSA-2013-1028.html
lists	www.lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
secunia	www.secunia.com/advisories/52774
zweitag	www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection
weblog	www.weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
secunia	www.secunia.com/advisories/52075
lists	www.lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
rhn	www.rhn.redhat.com/errata/RHSA-2013-0701.html
groups	www.groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428

08 Dec 2017 10:57Current

7.9High risk

Vulners AI Score7.9

EPSS0.17317