json Gem for Ruby JSON::GenericObject Function Arbitrary Addition Creation

Metadata

high
7.5
json
CVE-2013-0269
osvdb.org
2013-02-04
2017-06-16 20:03
CVE-2013-0269 ruby-json
CVE-2013-0269 ruby1.9.1
CVE-2013-0269 ruby1.8
Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS
CVE-2013-0269
2017-06-16 19:02
2017-04-01 19:10
2017-01-05 20:15

Description

json Gem for Ruby contains a flaw in the JSON::GenericObject function. The
issue is due to the program failing to restrict users from creating additions
regardless of the state of create_additions. This may allow a remote attacker
to create arbitrary additions.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in Unaffected in
json >= 1.7.7 < 1.7.0