Package : libjson-ruby Version : 1.1.9-1+deb6u1 CVE ID : CVE-2013-0269
The JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
For Debian 6 “Squeeze”, this issue has been fixed in libjson-ruby version 1.1.9-1+deb6u1.
-- Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/