CVE-2013-0269: Denial of Service and SQL Injection

February 12, 2013 (updated December 8, 2017)

This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269

Code Behaviors & Features

Detect and mitigate CVE-2013-0269 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →