Lucene search
K

16 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/20 6:47 a.m.13 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to multiple Vulnerabilities due to Ruby package

Summary Potential vulnerabilities in Ruby package has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2020-10663 DESCRIPTION: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through...

8.8CVSS9.1AI score0.06811EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/06/29 12:0 a.m.48 views

CentOS 8 : ruby:2.5 (CESA-2021:2587)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2587 advisory. - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 - ruby: Regular expression denial of service vulnerability of...

8.1CVSS6.8AI score0.06811EPSS
Exploits2References9
Amazon
Amazon
added 2020/08/31 12:0 a.m.89 views

Medium: rubygem-json

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

7.5CVSS7.1AI score0.13911EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/06/02 12:0 a.m.185 views

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1615)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation...

7.8CVSS7.3AI score0.06811EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/05/26 12:0 a.m.39 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1590)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.06811EPSS
Exploits1References2
Prion
Prion
added 2020/04/28 9:15 p.m.27 views

Design/Logic Flaw

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...

5CVSS7.4AI score0.13911EPSS
Exploits0References19Affected Software5
OSV
OSV
added 2017/10/24 6:33 p.m.47 views

GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.1AI score0.13911EPSS
Exploits0References22
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.51 views

JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS4.9AI score0.13911EPSS
Exploits0References22Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/05/01 12:0 a.m.36 views

Debian DLA-215-1 : libjson-ruby security update

The JSON gem for Ruby allowed remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL...

7.5CVSS6.9AI score0.13911EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/03/06 12:0 a.m.29 views

Fedora 18 : rubygem-json-1.6.8-1.fc18 (2013-3052)

A security flaw was discovered on the previous json that there is a denial of service and unsafe object creation vulnerability. This vulnerability has been assigned the CVE identifier CVE-2013-0269. This new rpm will fix this issue. Note that Tenable Network Security has extracted the preceding...

7.5CVSS6.2AI score0.13911EPSS
Exploits0References3
NVD
NVD
added 2013/02/13 1:55 a.m.30 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.9AI score0.13911EPSS
Exploits0References23
Cvelist
Cvelist
added 2013/02/13 1:0 a.m.52 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.9AI score0.13911EPSS
Exploits0References23
Debian CVE
Debian CVE
added 2013/02/13 1:0 a.m.33 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS5.4AI score0.13911EPSS
Exploits0
RubySec
RubySec
added 2013/02/12 12:0 a.m.47 views

CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.5AI score0.13911EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2013/02/12 12:0 a.m.51 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS6.8AI score0.13911EPSS
Exploits0References4
Rows per page
Query Builder