CVE-2013-0269

Опубликовано: 13 фев. 2013

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS2: 7.5

Описание

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Релиз	Статус	Примечание
devel	not-affected	1.8.0-1
esm-apps/xenial	not-affected	1.8.0-1
esm-infra-legacy/trusty	not-affected	1.8.0-1
hardy	DNE
lucid	DNE
oneiric	ignored	end of life
precise	ignored	end of life
precise/esm	DNE	precise was needed
quantal	ignored	end of life
raring	ignored	end of life

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [1.9.3.194-7ubuntu1]]
hardy	DNE
lucid	ignored	end of life
oneiric	ignored	end of life
precise	released	1.9.3.0-1ubuntu2.5
precise/esm	DNE	precise was released [1.9.3.0-1ubuntu2.5]
quantal	released	1.9.3.194-1ubuntu1.3
raring	released	1.9.3.194-7ubuntu1
saucy	released	1.9.3.194-7ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 95%

0.17317

Средний

7.5 High

CVSS2

Связанные уязвимости

CVE-2013-0269

redhat

почти 13 лет назад

CVE-2013-0269

nvd

почти 13 лет назад

CVE-2013-0269

debian

почти 13 лет назад

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 ...

GHSA-x457-cw4h-hq5f

github

больше 8 лет назад

JSON gem has Improper Input Validation vulnerability

EPSS

Процентиль: 95%

0.17317

Средний

7.5 High

CVSS2

CVE-2013-0269

Описание

Пакет ruby-json

Пакет ruby1.9.1

Ссылки на источники

Связанные уязвимости