Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.5 views

RHCOS 6 : ruby193-ruby, rubygem-json and rubygem-rdoc (RHSA-2013:0701)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0701 advisory. - rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template CVE-2013-0256 -...

7.5CVSS5.9AI score0.13911EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.28 views

Debian: Security Advisory (DLA-263-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.13911EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/06/29 4:10 p.m.4 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/06/03 11:21 a.m.1 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.46 views

Amazon Linux AMI : ruby19, ruby21 (ALAS-2020-1426)

The version of ruby19 installed on the remote host is prior to 1.9.3.551-33.71. The version of ruby21 installed on the remote host is prior to 2.1.9-1.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1426 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ru...

7.5CVSS7.3AI score0.06811EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/06/10 2:36 p.m.3 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.67 views

Debian DLA-2192-1 : ruby2.1 security update

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe object creation vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object...

7.5CVSS7AI score0.06811EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/03/26 12:0 a.m.56 views

FreeBSD : rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) (40194e1c-6d89-11ea-8082-80ee73419af3)

When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn't address some other...

7.5CVSS7.3AI score0.13911EPSS
Exploits0References3
Veracode
Veracode
added 2020/03/23 3:14 a.m.55 views

Denial Of Service (DoS)

The JSON gem is vulnerable to denial of service. An attacker is able to create arbitrary objects in the target system using malicious JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects. This can potentially result in a denial of service condition. This...

7.5CVSS4.4AI score0.13911EPSS
Exploits0References32Affected Software6
RubySec
RubySec
added 2020/03/19 12:0 a.m.72 views

Unsafe Object Creation Vulnerability in JSON (Additional fix)

When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn’t address some other...

7.5CVSS1.3AI score0.06811EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2020/03/19 12:0 a.m.61 views

rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)

When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn’t address some other...

7.5CVSS6.9AI score0.06811EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/10/03 5:19 a.m.47 views

Ruby: Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON)

During my recent keyword argument separation work on rbscanargs in the master branch, I discovered what I now think is a vulnerability. While the CVE-2013-0269 change fixed most usage of JSON.parse, it ended up not fixing KernelJSON. The reason behind this is that internally, in...

7.5CVSS0.13911EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/02 12:0 a.m.343 views

Debian DLA-263-1 : ruby1.9.1 security update

Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a deni...

7.8CVSS6.9AI score0.13911EPSS
Exploits2References4
OSV
OSV
added 2015/06/30 12:0 a.m.47 views

DLA-263-1 ruby1.9.1 - security update

Bulletin has no description...

7.5CVSS6.8AI score0.13911EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.33 views

openSUSE Security Update : ruby (openSUSE-SU-2013:0603-1)

Ruby 1.8 was updated to fix a XML entity expansion denial of service attack CVE-2013-1821 Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also : - update json intree to 1.5.5: Denial of Service and Unsafe Object Creation Vulnerability in JSON CVE-2013-0269 - limit entity...

7.5CVSS7.2AI score0.13911EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/08/29 11:22 p.m.46 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.0.0 patch 2

Red Hat JBoss Fuse 6.0.0 patch 2, which fixes several security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

7.5CVSS6.8AI score0.32259EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2013/04/02 7:58 p.m.44 views

Moderate: Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update

Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

7.5CVSS6.8AI score0.13911EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2013/03/08 12:0 a.m.36 views

Fedora Update for rubygem-json FEDORA-2013-3052

Check for the Version of rubygem-json OpenVAS Vulnerability Test Fedora Update for rubygem-json FEDORA-2013-3052 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.5CVSS7AI score0.13911EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/03/08 12:0 a.m.39 views

Fedora Update for rubygem-json FEDORA-2013-3052

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS7AI score0.13911EPSS
Exploits0References2
Rows per page
Query Builder