csaf_redhat - rhsa-2013

rhsa-2013_0701

Vulnerability from csaf_redhat

Published

2013-04-02 19:58

Modified

2024-11-05 18:04

Summary

Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update

Notes

Topic

Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by creating different types of malicious objects. For example, it could initiate a denial of service attack through resource consumption by using a JSON document to create arbitrary Ruby symbols, which were never garbage collected. It could also be exploited to create internal objects which could allow a SQL injection attack. (CVE-2013-0269) It was found that documentation created by rubygem-rdoc and ruby193-rubygem-rdoc was vulnerable to a cross-site scripting (XSS) attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation for Ruby source files (such as classes, modules, and so on), it is not a common scenario to make such documentation accessible over the network. (CVE-2013-0256) Red Hat would like to thank Ruby on Rails upstream for reporting CVE-2013-0269, and Eric Hodel of RDoc upstream for reporting CVE-2013-0256. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the original reporters of CVE-2013-0269, and Evgeny Ermakov as the original reporter of CVE-2013-0256. Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these updated packages, which correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two\nsecurity issues are now available for Red Hat OpenShift Enterprise 1.1.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Ruby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to do system management tasks.\n\nA flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by\ncreating different types of malicious objects. For example, it could\ninitiate a denial of service attack through resource consumption by using a\nJSON document to create arbitrary Ruby symbols, which were never garbage\ncollected. It could also be exploited to create internal objects which\ncould allow a SQL injection attack. (CVE-2013-0269)\n\nIt was found that documentation created by rubygem-rdoc and\nruby193-rubygem-rdoc was vulnerable to a cross-site scripting (XSS) attack.\nIf such documentation was accessible over a network, and a remote attacker\ncould trick a user into visiting a specially-crafted URL, it would lead to\narbitrary web script execution in the context of the user\u0027s session. As\nrubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation\nfor Ruby source files (such as classes, modules, and so on), it is not a\ncommon scenario to make such documentation accessible over the network.\n(CVE-2013-0256)\n\nRed Hat would like to thank Ruby on Rails upstream for reporting\nCVE-2013-0269, and Eric Hodel of RDoc upstream for reporting CVE-2013-0256.\nUpstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the\noriginal reporters of CVE-2013-0269, and Evgeny Ermakov as the original\nreporter of CVE-2013-0256.\n\nUsers of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these\nupdated packages, which correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0701",
        "url": "https://access.redhat.com/errata/RHSA-2013:0701"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "907820",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820"
      },
      {
        "category": "external",
        "summary": "909029",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909029"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0701.json"
      }
    ],
    "title": "Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update",
    "tracking": {
      "current_release_date": "2024-11-05T18:04:33+00:00",
      "generator": {
        "date": "2024-11-05T18:04:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2013:0701",
      "initial_release_date": "2013-04-02T19:58:00+00:00",
      "revision_history": [
        {
          "date": "2013-04-02T19:58:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-04-02T20:06:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T18:04:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Enterprise Infrastructure",
                "product": {
                  "name": "Red Hat OpenShift Enterprise Infrastructure",
                  "product_id": "6Server-RHOSE-INFRA",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:1::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Enterprise Node",
                "product": {
                  "name": "Red Hat OpenShift Enterprise Node",
                  "product_id": "6Server-RHOSE-NODE",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:1::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
                "product": {
                  "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
                  "product_id": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-json@1.5.4-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
                  "product_id": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-libs@1.9.3.327-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
                "product": {
                  "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
                  "product_id": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-io-console@0.3-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
                  "product_id": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-tcltk@1.9.3.327-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
                  "product_id": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-doc@1.9.3.327-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
                  "product_id": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.327-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
                "product": {
                  "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
                  "product_id": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-bigdecimal@1.1.0-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
                  "product_id": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-debuginfo@1.9.3.327-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
                "product": {
                  "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
                  "product_id": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-devel@1.9.3.327-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
                "product": {
                  "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
                  "product_id": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-rdoc@3.9.4-28.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
                "product": {
                  "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
                  "product_id": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-json-debuginfo@1.7.3-2.el6op?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-json-0:1.7.3-2.el6op.x86_64",
                "product": {
                  "name": "rubygem-json-0:1.7.3-2.el6op.x86_64",
                  "product_id": "rubygem-json-0:1.7.3-2.el6op.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-json@1.7.3-2.el6op?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch",
                "product": {
                  "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch",
                  "product_id": "ruby193-rubygems-0:1.8.23-28.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygems@1.8.23-28.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
                "product": {
                  "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
                  "product_id": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby-irb@1.9.3.327-28.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
                "product": {
                  "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
                  "product_id": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-minitest@2.5.1-28.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
                "product": {
                  "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
                  "product_id": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygems-devel@1.8.23-28.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
                "product": {
                  "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
                  "product_id": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-rubygem-rake@0.9.2.2-28.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch",
                "product": {
                  "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch",
                  "product_id": "rubygem-json-doc-0:1.7.3-2.el6op.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-json-doc@1.7.3-2.el6op?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rdoc-0:3.8-9.el6op.noarch",
                "product": {
                  "name": "rubygem-rdoc-0:3.8-9.el6op.noarch",
                  "product_id": "rubygem-rdoc-0:3.8-9.el6op.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rdoc@3.8-9.el6op?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
                "product": {
                  "name": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
                  "product_id": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rdoc-doc@3.8-9.el6op?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby193-ruby-0:1.9.3.327-28.el6.src",
                "product": {
                  "name": "ruby193-ruby-0:1.9.3.327-28.el6.src",
                  "product_id": "ruby193-ruby-0:1.9.3.327-28.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.327-28.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-json-0:1.7.3-2.el6op.src",
                "product": {
                  "name": "rubygem-json-0:1.7.3-2.el6op.src",
                  "product_id": "rubygem-json-0:1.7.3-2.el6op.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-json@1.7.3-2.el6op?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rdoc-0:3.8-9.el6op.src",
                "product": {
                  "name": "rubygem-rdoc-0:3.8-9.el6op.src",
                  "product_id": "rubygem-rdoc-0:3.8-9.el6op.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rdoc@3.8-9.el6op?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-0:1.9.3.327-28.el6.src as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src"
        },
        "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.src",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch"
        },
        "product_reference": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygems-0:1.8.23-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-0:1.7.3-2.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src"
        },
        "product_reference": "rubygem-json-0:1.7.3-2.el6op.src",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64"
        },
        "product_reference": "rubygem-json-0:1.7.3-2.el6op.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64"
        },
        "product_reference": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
        },
        "product_reference": "rubygem-json-doc-0:1.7.3-2.el6op.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rdoc-0:3.8-9.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch"
        },
        "product_reference": "rubygem-rdoc-0:3.8-9.el6op.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rdoc-0:3.8-9.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src"
        },
        "product_reference": "rubygem-rdoc-0:3.8-9.el6op.src",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure",
          "product_id": "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch"
        },
        "product_reference": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
        "relates_to_product_reference": "6Server-RHOSE-INFRA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-0:1.9.3.327-28.el6.src as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src"
        },
        "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.src",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch"
        },
        "product_reference": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64"
        },
        "product_reference": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64"
        },
        "product_reference": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygems-0:1.8.23-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch"
        },
        "product_reference": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-0:1.7.3-2.el6op.src as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src"
        },
        "product_reference": "rubygem-json-0:1.7.3-2.el6op.src",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64"
        },
        "product_reference": "rubygem-json-0:1.7.3-2.el6op.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64"
        },
        "product_reference": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch as a component of Red Hat OpenShift Enterprise Node",
          "product_id": "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
        },
        "product_reference": "rubygem-json-doc-0:1.7.3-2.el6op.noarch",
        "relates_to_product_reference": "6Server-RHOSE-NODE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Eric Hodel"
          ],
          "organization": "RDoc upstream"
        },
        {
          "names": [
            "Evgeny Ermakov"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2013-0256",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2013-02-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "907820"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src",
          "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src",
          "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch",
          "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch",
          "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src",
          "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
          "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src",
          "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src",
          "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0256"
        },
        {
          "category": "external",
          "summary": "RHBZ#907820",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0256",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0256"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256"
        },
        {
          "category": "external",
          "summary": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/",
          "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/"
        }
      ],
      "release_date": "2013-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-04-02T19:58:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0701"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ruby on Rails upstream"
          ]
        },
        {
          "names": [
            "Thomas Hollstegge"
          ],
          "organization": "Zweitag",
          "summary": "Acknowledged by upstream."
        },
        {
          "names": [
            "Ben Murphy"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2013-0269",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2013-02-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "909029"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-json: Denial of Service and SQL Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite tools ship RubyGem Json 1.4.6 which is earlier than affected 1.5.5 version however, this version of RubyGem is not affected to the flaw. We may update RubyGem in a future release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src",
          "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
          "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src",
          "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch",
          "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch",
          "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src",
          "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
          "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src",
          "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
          "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
          "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src",
          "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
          "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0269"
        },
        {
          "category": "external",
          "summary": "RHBZ#909029",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909029"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0269"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0269",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0269"
        },
        {
          "category": "external",
          "summary": "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/",
          "url": "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/"
        }
      ],
      "release_date": "2013-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-04-02T19:58:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0701"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src",
            "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src",
            "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64",
            "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src",
            "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64",
            "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-json: Denial of Service and SQL Injection"
    }
  ]
}

cve-2013-0256

Vulnerability from cvelistv5

Published

2013-03-01 02:00

Modified

2024-08-06 14:18

Severity ?

Summary

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

References

▼	URL	Tags
	http://rhn.redhat.com/errata/RHSA-2013-0701.html	vendor-advisory, x_refsource_REDHAT
	http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/	x_refsource_CONFIRM
	http://secunia.com/advisories/52774	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html	vendor-advisory, x_refsource_SUSE
	http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2	x_refsource_MISC
	http://rhn.redhat.com/errata/RHSA-2013-0728.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-0686.html	vendor-advisory, x_refsource_REDHAT
	https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0548.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-1733-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=907820	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html	vendor-advisory, x_refsource_SUSE

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/"
          },
          {
            "name": "52774",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52774"
          },
          {
            "name": "openSUSE-SU-2013:0303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2"
          },
          {
            "name": "RHSA-2013:0728",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0728.html"
          },
          {
            "name": "RHSA-2013:0686",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60"
          },
          {
            "name": "RHSA-2013:0548",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
          },
          {
            "name": "USN-1733-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1733-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820"
          },
          {
            "name": "SUSE-SU-2013:0647",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-06T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2013:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/"
        },
        {
          "name": "52774",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52774"
        },
        {
          "name": "openSUSE-SU-2013:0303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2"
        },
        {
          "name": "RHSA-2013:0728",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0728.html"
        },
        {
          "name": "RHSA-2013:0686",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60"
        },
        {
          "name": "RHSA-2013:0548",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
        },
        {
          "name": "USN-1733-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1733-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820"
        },
        {
          "name": "SUSE-SU-2013:0647",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0256",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2013:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
            },
            {
              "name": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/",
              "refsource": "CONFIRM",
              "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/"
            },
            {
              "name": "52774",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/52774"
            },
            {
              "name": "openSUSE-SU-2013:0303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html"
            },
            {
              "name": "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2",
              "refsource": "MISC",
              "url": "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2"
            },
            {
              "name": "RHSA-2013:0728",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0728.html"
            },
            {
              "name": "RHSA-2013:0686",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
            },
            {
              "name": "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60",
              "refsource": "CONFIRM",
              "url": "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60"
            },
            {
              "name": "RHSA-2013:0548",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
            },
            {
              "name": "USN-1733-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1733-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907820",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820"
            },
            {
              "name": "SUSE-SU-2013:0647",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0256",
    "datePublished": "2013-03-01T02:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0269

Vulnerability from cvelistv5

Published

2013-02-13 01:00

Modified

2024-08-06 14:18

Severity ?

Summary

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

References

▼	URL	Tags
	http://rhn.redhat.com/errata/RHSA-2013-0701.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html	vendor-advisory, x_refsource_SUSE
	http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html	vendor-advisory, x_refsource_APPLE
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862	vendor-advisory, x_refsource_SLACKWARE
	http://secunia.com/advisories/52774	third-party-advisory, x_refsource_SECUNIA
	http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed	x_refsource_CONFIRM
	https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain	mailing-list, x_refsource_MLIST
	http://www.osvdb.org/90074	vdb-entry, x_refsource_OSVDB
	https://puppet.com/security/cve/cve-2013-0269	x_refsource_CONFIRM
	http://secunia.com/advisories/52902	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2013-0686.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/57899	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2013/02/11/7	mailing-list, x_refsource_MLIST
	http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2013/02/11/8	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-1733-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-1028.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/82010	vdb-entry, x_refsource_XF
	http://rhn.redhat.com/errata/RHSA-2013-1147.html	vendor-advisory, x_refsource_REDHAT
	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/	x_refsource_CONFIRM
	http://secunia.com/advisories/52075	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html	vendor-advisory, x_refsource_SUSE

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
          },
          {
            "name": "openSUSE-SU-2013:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html"
          },
          {
            "name": "APPLE-SA-2013-10-22-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
          },
          {
            "name": "SSA:2013-075-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.426862"
          },
          {
            "name": "52774",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52774"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"
          },
          {
            "name": "[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source\u0026output=gplain"
          },
          {
            "name": "90074",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/90074"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-0269"
          },
          {
            "name": "52902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52902"
          },
          {
            "name": "RHSA-2013:0686",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
          },
          {
            "name": "57899",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57899"
          },
          {
            "name": "[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/11/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection"
          },
          {
            "name": "[oss-security] 20130211 Patch update for [CVE-2013-0269]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/11/8"
          },
          {
            "name": "USN-1733-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1733-1"
          },
          {
            "name": "SUSE-SU-2013:0609",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html"
          },
          {
            "name": "RHSA-2013:1028",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html"
          },
          {
            "name": "json-ruby-security-bypass(82010)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010"
          },
          {
            "name": "RHSA-2013:1147",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"
          },
          {
            "name": "52075",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52075"
          },
          {
            "name": "SUSE-SU-2013:0647",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2013:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
        },
        {
          "name": "openSUSE-SU-2013:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html"
        },
        {
          "name": "APPLE-SA-2013-10-22-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
        },
        {
          "name": "SSA:2013-075-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.426862"
        },
        {
          "name": "52774",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52774"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"
        },
        {
          "name": "[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source\u0026output=gplain"
        },
        {
          "name": "90074",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/90074"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-0269"
        },
        {
          "name": "52902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52902"
        },
        {
          "name": "RHSA-2013:0686",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
        },
        {
          "name": "57899",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57899"
        },
        {
          "name": "[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/11/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection"
        },
        {
          "name": "[oss-security] 20130211 Patch update for [CVE-2013-0269]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/11/8"
        },
        {
          "name": "USN-1733-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1733-1"
        },
        {
          "name": "SUSE-SU-2013:0609",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html"
        },
        {
          "name": "RHSA-2013:1028",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html"
        },
        {
          "name": "json-ruby-security-bypass(82010)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010"
        },
        {
          "name": "RHSA-2013:1147",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"
        },
        {
          "name": "52075",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52075"
        },
        {
          "name": "SUSE-SU-2013:0647",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0269",
    "datePublished": "2013-02-13T01:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2013_0701

Vulnerability from csaf_redhat

cve-2013-0256

Vulnerability from cvelistv5

cve-2013-0269

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature