RSS   Vulnerabilities for 'Json gem'   RSS

2013-02-12
 
CVE-2013-0269

CWE-20
 

 
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

 

 >>> Vendor: Rubygems 8 Products
CURL
Rubygems
Mail gem
Json gem
Command wrap
Fastreader
Mini magick
Safemode


Copyright 2024, cxsecurity.com

 

Back to Top