Sha256: 7b7c7dc551a67e715b6d99f0461de44ed100f35196adcffda3a786cfbfabc1f4
Contents?: true
Size: 684 Bytes
Versions: 2
Compression:
Stored size: 684 Bytes
Contents
--- url: http://direct.osvdb.org/show/osvdb/90074 title: Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS description: | Ruby on Rails contains a flaw that may allow a remote denial of service. The issue is due to the JSON gem being tricked in to generating Ruby symbols during the parsing of certain JSON documents. Since Ruby symbols are not garbage collected, a remote attacker can crash a users system. This also may allow the attacker to create arbitrary objects that may be used to bypass certain security mechanisms and potentially allow SQL injection attacks to be conducted. cvss_v2: 9.0 patched_versions: - ~> 1.5.4 - ~> 1.6.7 - ">= 1.7.7"
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.1.1 | data/bundler/audit/json/2013-0269.yml |
| bundler-audit-0.1.0 | data/bundler/audit/json/2013-0269.yml |