Search for packages
| purl | pkg:gem/json@1.6 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ebq1-gkhe-pua7
Aliases: CVE-2013-0269 GHSA-x457-cw4h-hq5f OSV-101137 |
Denial of Service and SQL Injection This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:23.186627+00:00 | Ruby Importer | Affected by | VCID-ebq1-gkhe-pua7 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml | 38.0.0 |