CVE-2013-0269
Published Feb 13, 2013
Last updated 7 years ago
Overview
- Description: The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations