Sha256: b3da34635ad001b4640909d03f8680e4b19c14d7f8a45dc9e3491df738480b73

Contents?: true

Size: 734 Bytes

Versions: 5

Compression:

Stored size: 734 Bytes

Contents

--- 
gem: json
cve: 2013-0269
osvdb: 90074
url: http://osvdb.org/show/osvdb/90074
title: Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS
date: 2013-02-11

description: |
  Ruby on Rails contains a flaw that may allow a remote denial of service.
  The issue is due to the JSON gem being tricked in to generating Ruby symbols
  during the parsing of certain JSON documents. Since Ruby symbols are not
  garbage collected, a remote attacker can crash a users system. This also may
  allow the attacker to create arbitrary objects that may be used to bypass
  certain security mechanisms and potentially allow SQL injection attacks to
  be conducted.

cvss_v2: 9.0

patched_versions: 
  - ~> 1.5.5
  - ~> 1.6.8
  - ">= 1.7.7"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/json/OSVDB-90074.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/json/OSVDB-90074.yml