Denial of Service (DoS) Affecting json package, versions >=1.7, <1.7.7>=1.6, <1.6.8<1.5.5
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Denial of Service (DoS) vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-RUBY-JSON-20060
- published10 Feb 2013
- disclosed10 Feb 2013
- creditThomas Hollstegge, Ben Murphy
Introduced: 10 Feb 2013
CVE-2013-0269 (opens in a new tab)Overview
The json gem is a JSON implementation as a Ruby extension in C.
Affected versions of this Gem are vulnerable to Denial of Service (DoS) attacks and unsafe object creation vulnerabilities. When parsing certain JSON documents, the JSON gem tricked into creating Ruby symbols in a target system.
Details
When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack.
The same technique can be used to create objects in a target system that act like internal objects. These "act alike" objects can be used to bypass certain security mechanisms and can be used as a spring board for SQL injection attacks in Ruby on Rails.
Impacted code looks like this:
JSON.parse(user_input)
Where the user_input variable will have a JSON document like this:
{"json_class":"foo"}
The JSON gem will attempt to look up the constant "foo". Looking up this constant will create a symbol.
In JSON version 1.7.x, objects with arbitrary attributes can be created using JSON documents like this:
{"json_class":"JSON::GenericObject","foo":"bar"}
This document will result in an instance of JSON::GenericObject, with the attribute "foo" that has the value "bar". Instantiating these objects will result in arbitrary symbol creation and in some cases can be used to bypass security measures.
PLEASE NOTE: this behavior does not change when using JSON.load. JSON.load should never be given input from unknown sources. If you are processing JSON from an unknown source, always use JSON.parse.