Lucene search

K
nvd[email protected]NVD:CVE-2013-0269
HistoryFeb 13, 2013 - 1:55 a.m.

CVE-2013-0269

2013-02-1301:55:05
CWE-20
web.nvd.nist.gov
1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.019

Percentile

88.5%

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka “Unsafe Object Creation Vulnerability.”

Affected configurations

NVD
Node
rubygemsjson_gemMatch1.5.0
OR
rubygemsjson_gemMatch1.5.1
OR
rubygemsjson_gemMatch1.5.2
OR
rubygemsjson_gemMatch1.5.3
OR
rubygemsjson_gemMatch1.5.4
OR
rubygemsjson_gemMatch1.6.0
OR
rubygemsjson_gemMatch1.6.1
OR
rubygemsjson_gemMatch1.6.2
OR
rubygemsjson_gemMatch1.6.3
OR
rubygemsjson_gemMatch1.6.4
OR
rubygemsjson_gemMatch1.6.5
OR
rubygemsjson_gemMatch1.6.6
OR
rubygemsjson_gemMatch1.6.7
OR
rubygemsjson_gemMatch1.7.0
OR
rubygemsjson_gemMatch1.7.1
OR
rubygemsjson_gemMatch1.7.2
OR
rubygemsjson_gemMatch1.7.3
OR
rubygemsjson_gemMatch1.7.4
OR
rubygemsjson_gemMatch1.7.5
OR
rubygemsjson_gemMatch1.7.6

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.019

Percentile

88.5%