CVE-2013-0269 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-0269 Interim 1 16 2023-12-08T02:45:45Z current 2021-05-30T13:08:21Z 2023-12-08T02:45:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-0269 The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2013-April/000407.html E-Mail link for SUSE-SU-2013:0609-1 https://lists.suse.com/pipermail/sle-security-updates/2013-April/000417.html E-Mail link for SUSE-SU-2013:0609-2 https://lists.suse.com/pipermail/sle-security-updates/2013-April/000410.html E-Mail link for SUSE-SU-2013:0612-1 https://lists.suse.com/pipermail/sle-security-updates/2013-April/000411.html E-Mail link for SUSE-SU-2013:0615-1 https://lists.suse.com/pipermail/sle-security-updates/2013-April/000418.html E-Mail link for SUSE-SU-2013:0647-1 https://lists.suse.com/pipermail/sle-security-updates/2013-June/000483.html E-Mail link for SUSE-SU-2013:1036-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE OpenStack Cloud 6 SUSE Studio Onsite 1.3 SUSE Studio Onsite Runner 1.2 SUSE WebYast 1.3 ruby19-1.9.3.p392-0.7.1 ruby19-devel-1.9.3.p392-0.7.1 ruby19-devel-extra-1.9.3.p392-0.7.1 ruby2.1-rubygem-chef-10.32.2-3.1 ruby2.1-rubygem-chef-10.32.2-3.2 ruby2.1-rubygem-chef-expander-10.32.2-1.34 ruby2.1-rubygem-chef-server-10.32.2-1.1 ruby2.1-rubygem-chef-server-api-10.32.2-4.2 ruby2.1-rubygem-chef-solr-10.32.2-1.2 rubygem-chef-10.32.2-3.1 rubygem-chef-10.32.2-3.2 rubygem-chef-expander-10.32.2-1.34 rubygem-chef-server-api-10.32.2-4.2 rubygem-chef-solr-10.32.2-1.2 rubygem-crack-0.1.7-0.5.4 rubygem-json_pure-1.2.0-0.4.1 rubygem-json_pure-1.2.0-0.4.4 susestudio-1.3.1.0-0.5.2 susestudio-bundled-packages-1.3.1.0-0.5.2 susestudio-common-1.3.1.0-0.5.2 susestudio-runner-1.3.1.0-0.5.2 susestudio-sid-1.3.1.0-0.5.2 susestudio-ui-server-1.3.1.0-0.5.2 ruby2.1-rubygem-chef-10.32.2-3.1 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 rubygem-chef-10.32.2-3.1 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 rubygem-json_pure-1.2.0-0.4.4 as a component of SUSE Lifecycle Management Server 1.3 rubygem-json_pure-1.2.0-0.4.4 as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 rubygem-json_pure-1.2.0-0.4.4 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 ruby2.1-rubygem-chef-10.32.2-3.2 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-expander-10.32.2-1.34 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-server-10.32.2-1.1 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-server-api-10.32.2-4.2 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-solr-10.32.2-1.2 as a component of SUSE OpenStack Cloud 6 rubygem-chef-10.32.2-3.2 as a component of SUSE OpenStack Cloud 6 rubygem-chef-expander-10.32.2-1.34 as a component of SUSE OpenStack Cloud 6 rubygem-chef-server-api-10.32.2-4.2 as a component of SUSE OpenStack Cloud 6 rubygem-chef-solr-10.32.2-1.2 as a component of SUSE OpenStack Cloud 6 ruby19-1.9.3.p392-0.7.1 as a component of SUSE Studio Onsite 1.3 ruby19-devel-1.9.3.p392-0.7.1 as a component of SUSE Studio Onsite 1.3 ruby19-devel-extra-1.9.3.p392-0.7.1 as a component of SUSE Studio Onsite 1.3 susestudio-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-bundled-packages-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-common-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-runner-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-sid-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 susestudio-ui-server-1.3.1.0-0.5.2 as a component of SUSE Studio Onsite 1.3 rubygem-crack-0.1.7-0.5.4 as a component of SUSE Studio Onsite Runner 1.2 rubygem-json_pure-1.2.0-0.4.1 as a component of SUSE Studio Onsite Runner 1.2 rubygem-json_pure-1.2.0-0.4.4 as a component of SUSE WebYast 1.3 The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability." CVE-2013-0269 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:ruby2.1-rubygem-chef-10.32.2-3.1 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:rubygem-chef-10.32.2-3.1 SUSE Lifecycle Management Server 1.3:rubygem-json_pure-1.2.0-0.4.4 SUSE Linux Enterprise Software Development Kit 11 SP2:rubygem-json_pure-1.2.0-0.4.4 SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-json_pure-1.2.0-0.4.4 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-10.32.2-3.2 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-expander-10.32.2-1.34 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-server-10.32.2-1.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-server-api-10.32.2-4.2 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-solr-10.32.2-1.2 SUSE OpenStack Cloud 6:rubygem-chef-10.32.2-3.2 SUSE OpenStack Cloud 6:rubygem-chef-expander-10.32.2-1.34 SUSE OpenStack Cloud 6:rubygem-chef-server-api-10.32.2-4.2 SUSE OpenStack Cloud 6:rubygem-chef-solr-10.32.2-1.2 SUSE Studio Onsite 1.3:ruby19-1.9.3.p392-0.7.1 SUSE Studio Onsite 1.3:ruby19-devel-1.9.3.p392-0.7.1 SUSE Studio Onsite 1.3:ruby19-devel-extra-1.9.3.p392-0.7.1 SUSE Studio Onsite 1.3:susestudio-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-common-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-runner-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-sid-1.3.1.0-0.5.2 SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.1.0-0.5.2 SUSE Studio Onsite Runner 1.2:rubygem-crack-0.1.7-0.5.4 SUSE Studio Onsite Runner 1.2:rubygem-json_pure-1.2.0-0.4.1 SUSE WebYast 1.3:rubygem-json_pure-1.2.0-0.4.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P