Vulnerability details: VCID-ebq1-gkhe-pua7
Vulnerability ID VCID-ebq1-gkhe-pua7
Aliases CVE-2013-0269
GHSA-x457-cw4h-hq5f
OSV-101137
Summary: Denial of Service and SQL Injection. This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
generic_textual HIGH http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
generic_textual HIGH http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0686.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0701.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-1028.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-1147.html
epss 0.17317 https://api.first.org/data/v1/epss?cve=CVE-2013-0269
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/82010
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x457-cw4h-hq5f
generic_textual HIGH https://github.com/flori/json
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml
generic_textual HIGH https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2013-0269
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2013-0269
generic_textual HIGH https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899
generic_textual HIGH https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
generic_textual HIGH https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269
generic_textual HIGH http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
generic_textual HIGH http://www.openwall.com/lists/oss-security/2013/02/11/7
generic_textual HIGH http://www.openwall.com/lists/oss-security/2013/02/11/8
generic_textual HIGH http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
generic_textual HIGH http://www.ubuntu.com/usn/USN-1733-1
generic_textual HIGH http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
http://rhn.redhat.com/errata/RHSA-2013-0686.html
http://rhn.redhat.com/errata/RHSA-2013-0701.html
http://rhn.redhat.com/errata/RHSA-2013-1028.html
http://rhn.redhat.com/errata/RHSA-2013-1147.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json
https://api.first.org/data/v1/epss?cve=CVE-2013-0269
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
http://secunia.com/advisories/52075
http://secunia.com/advisories/52774
http://secunia.com/advisories/52902
https://exchange.xforce.ibmcloud.com/vulnerabilities/82010
https://github.com/flori/json
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58
https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain
https://nvd.nist.gov/vuln/detail/CVE-2013-0269
http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
https://puppet.com/security/cve/cve-2013-0269
https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899
https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
http://www.openwall.com/lists/oss-security/2013/02/11/7
http://www.openwall.com/lists/oss-security/2013/02/11/8
http://www.osvdb.org/90074
http://www.securityfocus.com/bid/57899
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
http://www.ubuntu.com/usn/USN-1733-1
http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection
700436 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700436
909029 https://bugzilla.redhat.com/show_bug.cgi?id=909029
cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*
GHSA-x457-cw4h-hq5f https://github.com/advisories/GHSA-x457-cw4h-hq5f
GLSA-201412-27 https://security.gentoo.org/glsa/201412-27
RHSA-2013:0686 https://access.redhat.com/errata/RHSA-2013:0686
RHSA-2013:0701 https://access.redhat.com/errata/RHSA-2013:0701
RHSA-2013:1028 https://access.redhat.com/errata/RHSA-2013:1028
RHSA-2013:1147 https://access.redhat.com/errata/RHSA-2013:1147
RHSA-2013:1185 https://access.redhat.com/errata/RHSA-2013:1185
USN-1733-1 https://usn.ubuntu.com/1733-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-0269
Exploitability (E): not_defined
Access Vector (AV): network
Access Complexity (AC): low
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): partial
Availability Impact (A): partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.95009
EPSS Score 0.17317
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:48.067880+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby/CVE-2013-0269.yml 38.0.0