
Denial Of Service (DoS)

Description

The JSON gem is vulnerable to denial of service. An attacker can create arbitrary objects in the target system using a malicious JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects. This can potentially result in a denial of service condition. The vulnerability exists due to an incomplete fix for CVE-2013-0269.
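
A defensive wrapper for parsing untrusted JSON, as an added example that is not part of the original advisory or the json project's code. It assumes the object creation described above goes through the gem's "additions" mechanism (the `create_additions` option and the `JSON.create_id` key, "json_class" by default); `parse_untrusted`, `contains_create_id?`, `rejected?`, `UnsafeDocument` and the sample documents are hypothetical names constructed for illustration.

```ruby
require "json"

# Constructed sample inputs (not taken from the advisory).
PLAIN_DOC  = '{"user": "alice", "roles": ["admin"]}'
TAGGED_DOC = '{"user": "alice", "profile": {"json_class": "String", "raw": [97]}}'

class UnsafeDocument < StandardError; end

# True if any Hash in the parsed structure carries the key the additions
# feature uses to select a class (JSON.create_id, "json_class" by default).
def contains_create_id?(node, create_id = JSON.create_id)
  case node
  when Hash
    node.key?(create_id) || node.each_value.any? { |v| contains_create_id?(v, create_id) }
  when Array
    node.any? { |v| contains_create_id?(v, create_id) }
  else
    false
  end
end

# Parse untrusted text with object creation explicitly disabled, keys kept
# as Strings (no symbols minted from input), and nesting depth bounded.
# Documents that still try to request a class are refused outright.
def parse_untrusted(text)
  data = JSON.parse(text, create_additions: false, symbolize_names: false, max_nesting: 32)
  if contains_create_id?(data)
    raise UnsafeDocument, "document carries the #{JSON.create_id.inspect} key"
  end
  data
end

# Convenience predicate for logging or filtering: true when the wrapper
# refuses the document (class request, malformed JSON, or too deeply nested).
def rejected?(text)
  parse_untrusted(text)
  false
rescue UnsafeDocument, JSON::ParserError
  true
end

if __FILE__ == $PROGRAM_NAME
  p parse_untrusted(PLAIN_DOC)
  p rejected?(TAGGED_DOC)
end
```

Passing `create_additions: false` explicitly avoids relying on the library default, and the key scan also gives a log signal when a client submits a document that asks for a class.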


Affected Software


CPE Name Name Version
json 2.2.0
json 1.7.7
pcs 0.10.2__4.el8
ruby:3.10 2.5.7-r0
ruby:3.7 2.4.6-r0
ruby-json:bullseye 2.3.0+dfsg-1+b3
ruby-json:sid 2.3.0+dfsg-1+b3
ruby:edge 2.6.5-r2
rh-ruby25-ruby 2.5.0__5.el7
rh-ruby25-ruby 2.5.5__7.el7
rh-ruby25-ruby 2.5.3__6.el7
rh-ruby26-ruby 2.6.2__118.el7
ruby 2.0.0.648__34.el7_6
ruby 2.4.5__90.el7cf
ruby 2.0.0.648__35.el7_6
ruby 2.0.0.648__36.el7
ruby 2.4.6__91.el7cf
ruby 2.0.0.598__25.ael7b_1
ruby 2.4.9__93.el7cf
ruby 2.0.0.648__39.el7_9

Related