DEBIAN-CVE-2013-0269

DEBIAN-CVE-2013-0269 PUBLISHED CVSS 9.300000190734863 CRITICAL

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:14	ruby-json	0, 0, 0
Debian:11	ruby-json	0, 0, 0
Debian:13	ruby-json	0, 0, 0
Debian:12	ruby-json	0, 0, 0

Exploit Intelligence

Inspect all of your Heroku apps for vulnerable versions of the JSON gem (github-poc)

Timeline

Feb 13, 2013 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2013-0269 advisory

Open in Interactive Console →