Overview

CVE-2013-0269 (Rails JSON Unsafe Object Creation Vulnerability)

  • Posted February 13, 2013

  • There is a vulnerability in the JSON rubygem that allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects. More information can be found in the following post:
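
Added illustration, not part of the advisory or of the post it refers to: the object-creation behaviour described above, shown with Ruby's `json` library beside a hardened parse and a detection helper. The `Widget` class, the sample document, and the function names are constructed for this example.

```ruby
require 'json'

# Constructed stand-in for an application class that opts in to JSON
# "additions" by defining json_create (hypothetical, not Puppet code).
class Widget
  attr_reader :name

  def initialize(name)
    @name = name
  end

  def self.json_create(attrs)
    new(attrs['name'])
  end
end

# Constructed sample input: the create_id key names a class to instantiate.
UNTRUSTED_DOC = '{"json_class":"Widget","name":"from-the-wire"}'

# Risky form: the document itself decides which class gets instantiated.
def parse_with_additions(doc)
  JSON.parse(doc, create_additions: true)
end

# Hardened form: additions off, keys kept as Strings, nesting bounded.
def parse_untrusted(doc)
  JSON.parse(doc, create_additions: false, symbolize_names: false, max_nesting: 20)
end

# Detection helper: true if any object in the parsed data carries the
# create_id key, which is worth logging or rejecting at a trust boundary.
def carries_create_id?(data)
  case data
  when Hash
    data.key?(JSON.create_id) || data.values.any? { |v| carries_create_id?(v) }
  when Array
    data.any? { |v| carries_create_id?(v) }
  else
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  puts parse_with_additions(UNTRUSTED_DOC).class # object chosen by the input
  puts parse_untrusted(UNTRUSTED_DOC).class      # plain Hash
end
```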

Status

  • Hotfixes available for Puppet Enterprise 1.2.6 and 2.7.1

Hotfixes