Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DLA-215-1
HistoryApr 30, 2015 - 12:00 a.m.

libjson-ruby - security update

2015-04-3000:00:00
Google
osv.dev
6
JSON

The JSON gem for Ruby allowed remote attackers to cause a denial of
service (resource consumption) or bypass the mass assignment protection
mechanism via a crafted JSON document that triggers the creation of
arbitrary Ruby symbols or certain internal objects, as demonstrated by
conducting a SQL injection attack against Ruby on Rails, aka “Unsafe
Object Creation Vulnerability.”

For Debian 6 Squeeze, this issue has been fixed in libjson-ruby
version 1.1.9-1+deb6u1.

CPENameOperatorVersion
libjson-rubyeq1.1.9-1
JSON