The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-02-13T01:00:00
Updated: 2024-08-06T14:18:09.563Z
Reserved: 2012-12-06T00:00:00
Link: CVE-2013-0269
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-02-13T01:55:05.107
Modified: 2024-11-21T01:47:11.957
Link: CVE-2013-0269
Redhat