CVE-2013-0269

Опубликовано: 11 фев. 2013

Источник: redhat

CVSS2: 7.5

EPSS Средний

Описание

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Отчет

Red Hat Satellite tools ship RubyGem Json 1.4.6 which is earlier than affected 1.5.5 version however, this version of RubyGem is not affected to the flaw. We may update RubyGem in a future release.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat CloudForms Tools 1	rubygem-json	Will not fix
Red Hat Enterprise MRG 2	rubygem-json	Affected
Red Hat JBoss Enterprise Web Server 1	dsp-5.3.0	Will not fix
Red Hat JBoss Enterprise Web Server 1	fuse-6	Affected
Red Hat JBoss Enterprise Web Server 1	fuse-entesb-7	Affected
Red Hat JBoss Enterprise Web Server 1	others	Not affected
Red Hat JBoss SOA Platform 4.3	jruby	Will not fix
Red Hat JBoss SOA Platform 5	jruby	Affected
Red Hat Satellite 6	satellite-tools	Not affected
Fuse ESB Enterprise 7.1.0		Fixed	RHSA-2013:1028	09.07.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-502

https://bugzilla.redhat.com/show_bug.cgi?id=909029rubygem-json: Denial of Service and SQL Injection

EPSS

Процентиль: 95%

0.17317

Средний

7.5 High

CVSS2

Связанные уязвимости

CVE-2013-0269

ubuntu

почти 13 лет назад

CVE-2013-0269

nvd

почти 13 лет назад

CVE-2013-0269

debian

почти 13 лет назад

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 ...

GHSA-x457-cw4h-hq5f

github

больше 8 лет назад

JSON gem has Improper Input Validation vulnerability

EPSS

Процентиль: 95%

0.17317

Средний

7.5 High

CVSS2