CVE-2013-0269 (Rails JSON Unsafe Object Creation Vulnerability)
Posted February 13, 2013
There is a vulnerability in the JSON rubygem that allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects.
More information can be found in the following post:
- Hotfixes available for Puppet Enterprise 1.2.6 and 2.7.1
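
A defensive illustration of the crafted-document issue described above, added here and not taken from the advisory or the JSON gem's authors: untrusted JSON is parsed with object additions disabled and string keys, and any document carrying the gem's class-selector key is rejected. The helper names and sample documents are hypothetical and constructed; the `create_additions` option and `JSON.create_id` (`json_class` by default) are json gem features assumed relevant here, not details stated on this page.

```ruby
require 'json'

# Key the json gem uses to select a class when additions are enabled
# ("json_class" unless the application has changed it).
CREATE_ID = JSON.create_id

# Hypothetical helper: true if any object at any depth carries the create_id key.
def carries_create_id?(node)
  case node
  when Hash
    node.key?(CREATE_ID) || node.values.any? { |v| carries_create_id?(v) }
  when Array
    node.any? { |v| carries_create_id?(v) }
  else
    false
  end
end

# Hypothetical helper: parse untrusted JSON into plain data only.
# Returns [data, nil] on success or [nil, reason] on rejection.
def parse_untrusted(doc)
  # create_additions: false -> no objects are built from the document.
  # symbolize_names: false  -> keys stay Strings, so no symbols are minted.
  data = JSON.parse(doc, create_additions: false, symbolize_names: false)
  return [nil, "#{CREATE_ID} key present"] if carries_create_id?(data)
  [data, nil]
rescue JSON::ParserError => e
  [nil, "malformed JSON: #{e.message[0, 40]}"]
end

# Constructed sample inputs (not from the advisory).
BENIGN  = '{"user": {"name": "alice", "roles": ["admin"]}}'
FLAGGED = '{"user": {"json_class": "SomeClass", "name": "alice"}}'
BROKEN  = '{"user": '

if __FILE__ == $PROGRAM_NAME
  [BENIGN, FLAGGED, BROKEN].each do |doc|
    data, reason = parse_untrusted(doc)
    puts(reason ? "rejected: #{reason}" : "accepted: #{data.inspect}")
  end
end
```

Rejections from a guard like this are also worth logging, since a class-selector key in request bodies is unusual in ordinary application traffic.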