logo
DATABASE RESOURCES PRICING ABOUT US

JSON gem has Improper Input Validation vulnerability

Description

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."


Affected Software


CPE Name Name Version
json 1.7.0
json 1.7.7
json 1.6.0
json 1.6.8
json 1.5.5

Related