Sha256: 7de04ff2be0f15c75dc80f96a501bd6c3c8753a682c3620021f8ad3a102413cc

Contents?: true

Size: 741 Bytes

Versions: 9

Compression:

Stored size: 741 Bytes

Contents

--- 
gem: json
cve: 2013-0269
osvdb: 90074
url: http://direct.osvdb.org/show/osvdb/90074
title: Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS
date: 2013-02-11

description: |
  Ruby on Rails contains a flaw that may allow a remote denial of service.
  The issue is due to the JSON gem being tricked into generating Ruby symbols
  during the parsing of certain JSON documents. Since Ruby symbols are not
  garbage collected, a remote attacker can crash a user's system. This also may
  allow the attacker to create arbitrary objects that may be used to bypass
  certain security mechanisms and potentially allow SQL injection attacks to
  be conducted.

cvss_v2: 9.0

patched_versions: 
  - ~> 1.5.5
  - ~> 1.6.8
  - ">= 1.7.7"

Version data entries

9 entries across 9 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/json/OSVDB-90074.yml