--- 
gem: json
cve: 2013-0269
osvdb: 101137
url: https://nvd.nist.gov/vuln/detail/CVE-2013-0269
title: json Gem for Ruby multiple Remote DoS vulnerabilities
date: 2013-02-12
description: |
  The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby
  allows remote attackers to cause a denial of service (resource consumption) or
  bypass the mass assignment protection mechanism via a crafted JSON document
  that triggers the creation of arbitrary Ruby symbols or certain internal
  objects, as demonstrated by conducting a SQL injection attack against
  Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

cvss_v2: 9.0
patched_versions: 
  - ~> 1.5.5
  - ~> 1.6.8
  - ">= 1.7.7"