Launchpad.net

CVE 2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Related bugs and status

CVE-2013-0269 (Candidate) is related to these bugs:

Bug #1131493: Please merge ruby1.9.1 1.9.3.194-7 (main) from Debian testing (main)

Summary				In	Importance	Status
	1131493	Please merge ruby1.9.1 1.9.3.194-7 (main) from Debian testing (main)		ruby1.9.1 (Ubuntu)	Low	Fix Released

Bug #1990572: [MIR] Promote ruby-json to main as a pcs dependency

Summary				In	Importance	Status
	1990572	[MIR] Promote ruby-json to main as a pcs dependency		ruby-json (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-0269

Related bugs and status

Related bugs

References