Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References3
OSV
OSV
added 2017/10/24 6:33 p.m.47 views

GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.1AI score0.13911EPSS
Exploits0References22
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.50 views

JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS4.9AI score0.13911EPSS
Exploits0References22Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/07/02 12:0 a.m.343 views

Debian DLA-263-1 : ruby1.9.1 security update

Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a deni...

7.8CVSS6.9AI score0.13911EPSS
Exploits2References4
Debian
Debian
added 2015/07/01 10:9 a.m.52 views

[SECURITY] [DLA 263-1] ruby1.9.1 security update

Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u5 CVE ID : CVE-2012-5371 CVE-2013-0269 Debian Bug : 693024 700471 Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly...

7.8CVSS6.8AI score0.13911EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2015/05/01 12:0 a.m.36 views

Debian DLA-215-1 : libjson-ruby security update

The JSON gem for Ruby allowed remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL...

7.5CVSS6.9AI score0.13911EPSS
Exploits0References3
OSV
OSV
added 2015/04/30 12:0 a.m.31 views

DLA-215-1 libjson-ruby - security update

Bulletin has no description...

7.5CVSS7.5AI score0.13911EPSS
Exploits0
NVD
NVD
added 2013/02/13 1:55 a.m.28 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.9AI score0.13911EPSS
Exploits0References23
Cvelist
Cvelist
added 2013/02/13 1:0 a.m.50 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.9AI score0.13911EPSS
Exploits0References23
RubySec
RubySec
added 2013/02/12 12:0 a.m.47 views

CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.5AI score0.13911EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2013/02/12 12:0 a.m.51 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS6.8AI score0.13911EPSS
Exploits0References4
Rows per page
Query Builder