Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/json@1.0.0

Type gem

Namespace

Name json

Version 1.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-2anw-2sck-4bbq

vulnerability_id VCID-2anw-2sck-4bbq

summary

Ruby JSON has a format string injection vulnerability
### Impact

A format string injection vulnerability than that lead to denial of
service attacks or information disclosure, when the `allow_duplicate_key:
false` parsing option is used to parse user supplied documents.

This option isn't the default, if you didn't opt-in to use it,
you are not impacted.

### Patches

Patched in `2.19.2`.

### Workarounds

The issue can be avoided by not using the `allow_duplicate_key: false`
parsing option.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33210.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33210.json

reference_url

https://github.com/ruby/json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby/json

reference_url

https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T21:01:54Z/

url

https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33210

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33210

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131463
reference_id	1131463
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131463

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2449871
reference_id	2449871
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2449871

reference_url	https://access.redhat.com/errata/RHSA-2026:20596
reference_id	RHSA-2026:20596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20596

reference_url	https://access.redhat.com/errata/RHSA-2026:20606
reference_id	RHSA-2026:20606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20606

fixed_packages

url pkg:gem/json@2.15.2.1

purl pkg:gem/json@2.15.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2anw-2sck-4bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@2.15.2.1

url pkg:gem/json@2.17.1.2

purl pkg:gem/json@2.17.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2anw-2sck-4bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@2.17.1.2

url pkg:gem/json@2.19.2

purl pkg:gem/json@2.19.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2anw-2sck-4bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@2.19.2

aliases CVE-2026-33210, GHSA-3m6g-2423-7cp3

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2anw-2sck-4bbq

url VCID-8285-7gtt-eqdf

vulnerability_id VCID-8285-7gtt-eqdf

summary

Unsafe Object Creation Vulnerability in JSON (Additional fix)
When parsing certain JSON documents, the json gem (including the one bundled
with Ruby) can be coerced into creating arbitrary objects in the target
system.

This is the same issue as CVE-2013-0269. The previous fix was incomplete, which
addressed `JSON.parse(user_input)`, but didn’t address some other styles of JSON
parsing including `JSON(user_input)` and `JSON.parse(user_input, nil)`.

See CVE-2013-0269 in detail. Note that the issue was exploitable to cause a
Denial of Service by creating many garbage-uncollectable Symbol objects, but
this kind of attack is no longer valid because Symbol objects are now
garbage-collectable. However, creating arbitrary objects may cause severe
security consequences depending upon the application code.

Please update the json gem to version 2.3.0 or later. You can use `gem update
json` to update it. If you are using bundler, please add `gem "json", ">= 2.3.0"`
to your Gemfile

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10663

reference_id

reference_type

scores

value	0.05892
scoring_system	epss
scoring_elements	0.90753
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933

reference_url

http://seclists.org/fulldisclosure/2020/Dec/32

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2020/Dec/32

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/flori/json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/flori/json

reference_url

https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml

reference_url

https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/

reference_url

https://security.netapp.com/advisory/ntap-20210129-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210129-0003

reference_url	https://security.netapp.com/advisory/ntap-20210129-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210129-0003/

reference_url

https://support.apple.com/kb/HT211931

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT211931

reference_url

https://www.debian.org/security/2020/dsa-4721

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2020/dsa-4721

reference_url

https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663

reference_url

https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1827500
reference_id	1827500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1827500

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10663

reference_id

CVE-2020-10663

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10663

reference_url

https://github.com/advisories/GHSA-jphg-qwrw-7w9g

reference_id

GHSA-jphg-qwrw-7w9g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jphg-qwrw-7w9g

reference_url	https://access.redhat.com/errata/RHSA-2020:2462
reference_id	RHSA-2020:2462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2462

reference_url	https://access.redhat.com/errata/RHSA-2020:2473
reference_id	RHSA-2020:2473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2473

reference_url	https://access.redhat.com/errata/RHSA-2020:2670
reference_id	RHSA-2020:2670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2670

reference_url	https://access.redhat.com/errata/RHSA-2021:2104
reference_id	RHSA-2021:2104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2104

reference_url	https://access.redhat.com/errata/RHSA-2021:2230
reference_id	RHSA-2021:2230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2230

reference_url	https://access.redhat.com/errata/RHSA-2021:2587
reference_id	RHSA-2021:2587
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2587

reference_url	https://access.redhat.com/errata/RHSA-2021:2588
reference_id	RHSA-2021:2588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2588

reference_url	https://access.redhat.com/errata/RHSA-2022:0581
reference_id	RHSA-2022:0581
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0581

reference_url	https://access.redhat.com/errata/RHSA-2022:0582
reference_id	RHSA-2022:0582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0582

reference_url	https://usn.ubuntu.com/4882-1/
reference_id	USN-4882-1
reference_type
scores
url	https://usn.ubuntu.com/4882-1/

fixed_packages

url pkg:gem/json@2.3.0

purl pkg:gem/json@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2anw-2sck-4bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@2.3.0

aliases CVE-2020-10663, GHSA-jphg-qwrw-7w9g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8285-7gtt-eqdf

url VCID-b9hw-gxbc-mkfy

vulnerability_id VCID-b9hw-gxbc-mkfy

summary

Denial of Service and SQL Injection
This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0701.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0701.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1028.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1028.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1147.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1147.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0269

reference_id

reference_type

scores

value	0.17317
scoring_system	epss
scoring_elements	0.95173
published_at	2026-06-05T12:55:00Z

value	0.17317
scoring_system	epss
scoring_elements	0.95165
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0269

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/82010

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/82010

reference_url

https://github.com/flori/json

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/flori/json

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58

reference_url

https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0269

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0269

reference_url

https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899

reference_url

https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed

reference_url

https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269

reference_url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2013/02/11/7

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/7

reference_url

http://www.openwall.com/lists/oss-security/2013/02/11/8

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/8

reference_url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862

reference_url

http://www.ubuntu.com/usn/USN-1733-1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-1733-1

reference_url

http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700436
reference_id	700436
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700436

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=909029
reference_id	909029
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=909029

reference_url

https://github.com/advisories/GHSA-x457-cw4h-hq5f

reference_id

GHSA-x457-cw4h-hq5f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x457-cw4h-hq5f

reference_url	https://security.gentoo.org/glsa/201412-27
reference_id	GLSA-201412-27
reference_type
scores
url	https://security.gentoo.org/glsa/201412-27

reference_url	https://access.redhat.com/errata/RHSA-2013:0686
reference_id	RHSA-2013:0686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0686

reference_url	https://access.redhat.com/errata/RHSA-2013:0701
reference_id	RHSA-2013:0701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0701

reference_url	https://access.redhat.com/errata/RHSA-2013:1028
reference_id	RHSA-2013:1028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1028

reference_url	https://access.redhat.com/errata/RHSA-2013:1147
reference_id	RHSA-2013:1147
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1147

reference_url	https://access.redhat.com/errata/RHSA-2013:1185
reference_id	RHSA-2013:1185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1185

reference_url	https://usn.ubuntu.com/1733-1/
reference_id	USN-1733-1
reference_type
scores
url	https://usn.ubuntu.com/1733-1/

fixed_packages

url pkg:gem/json@1.5.5

purl pkg:gem/json@1.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2anw-2sck-4bbq

vulnerability	VCID-8285-7gtt-eqdf

vulnerability	VCID-b9hw-gxbc-mkfy

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@1.5.5

url pkg:gem/json@1.6.8

purl pkg:gem/json@1.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2anw-2sck-4bbq

vulnerability	VCID-8285-7gtt-eqdf

vulnerability	VCID-b9hw-gxbc-mkfy

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@1.6.8

url pkg:gem/json@1.7.7

purl pkg:gem/json@1.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2anw-2sck-4bbq

vulnerability	VCID-8285-7gtt-eqdf

vulnerability	VCID-b9hw-gxbc-mkfy

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@1.7.7

aliases CVE-2013-0269, GHSA-x457-cw4h-hq5f, OSV-101137

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b9hw-gxbc-mkfy

Fixing_vulnerabilities

Risk_score 4.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@1.0.0

Package Instance