Arbitrary Code Execution Affecting json package, versions <1.1.0

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-JSON-20209
published 20 May 2007
disclosed 20 May 2007
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 20 May 2007

CWE-94 Open this link in a new tab

Overview

The json gem is a JSON implementation as a Ruby extension in C.

Affected versions of this Gem contain an overflow condition. This is triggered when user-supplied input is not properly validated while handling specially crafted data. This can allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service, or potentially allowing the execution of arbitrary code.

References

http://rubysec.com/advisories/OSVDB-101157

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

None
Availability (A)

None

Arbitrary Code Execution Affecting json package, versions <1.1.0

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 20 May 2007

Overview

References

CVSS Scores

Snyk