CVE-2013-0269 (Rails JSON Unsafe Object Creation Vulnerability)

  • Posted February 13, 2013

  • There is a vulnerability in the JSON rubygem that allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects.

    More information can be found in the following post:


    • Hotfixes available for Puppet Enterprise 1.2.6 and 2.7.1