gsd-2013-0269
Vulnerability from gsd
Modified
2013-02-12 00:00
Details
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-0269",
"description": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"",
"id": "GSD-2013-0269",
"references": [
"https://www.suse.com/security/cve/CVE-2013-0269.html",
"https://access.redhat.com/errata/RHSA-2013:1185",
"https://access.redhat.com/errata/RHSA-2013:1147",
"https://access.redhat.com/errata/RHSA-2013:1028",
"https://access.redhat.com/errata/RHSA-2013:0701",
"https://access.redhat.com/errata/RHSA-2013:0686"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "json",
"purl": "pkg:gem/json"
}
}
],
"aliases": [
"CVE-2013-0269",
"OSVDB-101137"
],
"details": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"",
"id": "GSD-2013-0269",
"modified": "2013-02-12T00:00:00.000Z",
"published": "2013-02-12T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0269"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 9.0,
"type": "CVSS_V2"
}
],
"summary": "CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0686.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"name": "http://secunia.com/advisories/52774",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52774"
},
{
"name": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/",
"refsource": "MISC",
"url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"
},
{
"name": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html",
"refsource": "MISC",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-1028.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0701.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-1147.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"
},
{
"name": "http://secunia.com/advisories/52075",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52075"
},
{
"name": "http://secunia.com/advisories/52902",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52902"
},
{
"name": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed",
"refsource": "MISC",
"url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/02/11/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/02/11/7"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/02/11/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/02/11/8"
},
{
"name": "http://www.osvdb.org/90074",
"refsource": "MISC",
"url": "http://www.osvdb.org/90074"
},
{
"name": "http://www.securityfocus.com/bid/57899",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/57899"
},
{
"name": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.426862",
"refsource": "MISC",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.426862"
},
{
"name": "http://www.ubuntu.com/usn/USN-1733-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-1733-1"
},
{
"name": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection",
"refsource": "MISC",
"url": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010"
},
{
"name": "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source\u0026output=gplain",
"refsource": "MISC",
"url": "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source\u0026output=gplain"
},
{
"name": "https://puppet.com/security/cve/cve-2013-0269",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/cve-2013-0269"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-0269",
"cvss_v2": 9.0,
"date": "2013-02-12",
"description": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"",
"gem": "json",
"osvdb": 101137,
"patched_versions": [
"~\u003e 1.5.5",
"~\u003e 1.6.8",
"\u003e= 1.7.7"
],
"title": "CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0269"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.5.5 || \u003e=1.6.0 \u003c1.6.8 || \u003e=1.7.0 \u003c1.7.7",
"affected_versions": "All versions before 1.5.5, all versions starting from 1.6.0 before 1.6.8, all versions starting from 1.7.0 before 1.7.7",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2017-12-08",
"description": "When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target system that act like internal objects. These \"act alike\" objects can be used to bypass certain security mechanisms and can be used as a spring board for SQL injection attacks in Ruby on Rails.",
"fixed_versions": [
"1.5.5",
"1.6.8",
"1.7.7"
],
"identifier": "CVE-2013-0269",
"identifiers": [
"CVE-2013-0269"
],
"not_impacted": "NONE",
"package_slug": "gem/json",
"pubdate": "2013-02-12",
"solution": "Upgrade, patches and workarounds available (see source)",
"title": "Denial of Service and Unsafe Object Creation Vulnerability",
"urls": [
"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58"
],
"uuid": "fd4699b1-3c7c-4b66-b4a9-d640990c6764"
},
{
"affected_range": "[1.7.1,1.7.3)",
"affected_versions": "All versions starting from 1.7.1 before 1.7.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2017-12-08",
"description": "This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka.",
"fixed_versions": [
"1.7.3"
],
"identifier": "CVE-2013-0269",
"identifiers": [
"CVE-2013-0269"
],
"package_slug": "maven/org.jruby/jruby",
"pubdate": "2013-02-12",
"solution": "Upgrade to version 1.7.3 or above.",
"title": "Denial of Service and SQL Injection",
"urls": [
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269"
],
"uuid": "dbe17325-e976-41dc-b8df-fb185e139033"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0269"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection",
"refsource": "MISC",
"tags": [],
"url": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection"
},
{
"name": "[oss-security] 20130211 Patch update for [CVE-2013-0269]",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2013/02/11/8"
},
{
"name": "90074",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/90074"
},
{
"name": "57899",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/57899"
},
{
"name": "52075",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52075"
},
{
"name": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"
},
{
"name": "[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2013/02/11/7"
},
{
"name": "USN-1733-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-1733-1"
},
{
"name": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed",
"refsource": "CONFIRM",
"tags": [],
"url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"
},
{
"name": "[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
"refsource": "MLIST",
"tags": [],
"url": "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source\u0026output=gplain"
},
{
"name": "52774",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/52774"
},
{
"name": "RHSA-2013:0686",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"name": "52902",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/52902"
},
{
"name": "openSUSE-SU-2013:0603",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html"
},
{
"name": "RHSA-2013:0701",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
},
{
"name": "SUSE-SU-2013:0609",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html"
},
{
"name": "SUSE-SU-2013:0647",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
},
{
"name": "RHSA-2013:1028",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html"
},
{
"name": "RHSA-2013:1147",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"
},
{
"name": "APPLE-SA-2013-10-22-5",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name": "SSA:2013-075-01",
"refsource": "SLACKWARE",
"tags": [],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.426862"
},
{
"name": "json-ruby-security-bypass(82010)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010"
},
{
"name": "https://puppet.com/security/cve/cve-2013-0269",
"refsource": "CONFIRM",
"tags": [],
"url": "https://puppet.com/security/cve/cve-2013-0269"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-12-09T02:29Z",
"publishedDate": "2013-02-13T01:55Z"
}
}
}
Loading...