CVE-2013-0269
published 2013-02-13

Priority: P3 (high)
CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 13.91% (96.1st percentile)
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Affected

34 ranges, showing 25

Vendor         Product        Version range                          Fixed in
apple          macos          -                                      -
debian         debian_linux   -                                      -
debian         debian_linux   -                                      -
debian         ruby-json      < ruby-json 2.3.0+dfsg-1 (bookworm)    ruby-json 2.3.0+dfsg-1 (bookworm)
debian         ruby-json      < ruby-json 1.7.3-3 (bookworm)         ruby-json 1.7.3-3 (bookworm)
debian         ruby2.7        < ruby-json 2.3.0+dfsg-1 (bookworm)    ruby-json 2.3.0+dfsg-1 (bookworm)
fedoraproject  fedora         -                                      -
fedoraproject  fedora         -                                      -
joyent         json           >= 0, < 2.3.0                          2.3.0
joyent         json           >= 0, < 1.5.5                          1.5.5
joyent         json           >= 1.6.0, < 1.6.8                      1.6.8
joyent         json           >= 1.7.0, < 1.7.7                      1.7.7
json_project   json           <= 2.2.0                               -
opensuse       leap           -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -
rubygems       json_gem       -                                      -

CVSS provenance

Source         CVSS version   Score   Severity   Vector
nvd            2.0            7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa           -              7.5     HIGH       -
osv            -              7.5     HIGH       -
vendor_debian  -              7.5     HIGH       -
vendor_redhat  -              7.5     HIGH       -
vendor_ubuntu  -              5.0     MEDIUM     -