CVE-2013-0269 Denial of Service and Unsafe Object Creation Vulnerability in JSON

Ruby JSON parsing gems were vulnerable to denial of service and unsafe object creation attacks when used on user controlled data. These could be used to create objects in unexpected ways, as well as to consume memory through persistent object creation.

This updates our JSON gem to version 1.7.7, a version that is no longer vulnerable to those attacks, mitigating this risk in the Microkernel. This is the only mitigation required, as the Microkernel already correctly uses `JSON.parse` - a safe API for untrusted input - rather than `JSON.load` or other vulnerable inputs.

Signed-off-by: Daniel Pittman <email@example.com>
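An added example (not part of the commit or the Microkernel code base) showing why the distinction in the commit message matters: `JSON.parse` leaves the json gem's "additions" off, so a `json_class` key in caller-supplied input stays an inert string in a plain Hash, whereas opting into additions (what `JSON.load` enables by default) lets the document choose the class that gets instantiated. The `Widget` class, the input document and the `plain_json_value?` guard are constructed for this example.

```ruby
require 'json'

# A harmless class, constructed for this example, that the json gem can
# instantiate from a "json_class" key when additions are enabled.
class Widget
  attr_reader :name
  def initialize(name)
    @name = name
  end
  # The hook the json gem calls when create_additions is on.
  def self.json_create(hash)
    new(hash['name'])
  end
end

# Constructed untrusted input: a caller-supplied document that names a class.
UNTRUSTED = '{"json_class":"Widget","name":"from the wire"}'

# Safe path (what the Microkernel uses): JSON.parse leaves create_additions
# off, so "json_class" is just another string key in a plain Hash.
# max_nesting bounds recursion depth on attacker-controlled documents.
def parse_untrusted(input)
  JSON.parse(input, max_nesting: 20)
end

# Unsafe path: opting into additions (the behaviour JSON.load enables by
# default) lets the document pick which class gets instantiated.
def parse_with_additions(input)
  JSON.parse(input, create_additions: true)
end

# Small guard a service can run over decoded values: accept only plain JSON
# types, so an object that slipped through a parser setting is caught early.
PLAIN_TYPES = [Hash, Array, String, Integer, Float,
               TrueClass, FalseClass, NilClass].freeze

def plain_json_value?(value)
  case value
  when Hash  then value.all? { |k, v| k.is_a?(String) && plain_json_value?(v) }
  when Array then value.all? { |v| plain_json_value?(v) }
  else PLAIN_TYPES.any? { |t| value.is_a?(t) }
  end
end

if __FILE__ == $PROGRAM_NAME
  safe = parse_untrusted(UNTRUSTED)
  puts "JSON.parse -> #{safe.class}: #{safe.inspect}"
  unsafe = parse_with_additions(UNTRUSTED)
  puts "additions  -> #{unsafe.class} (name=#{unsafe.name})"
end
```

Running it prints a `Hash` for the safe path and a `Widget` for the additions path; the guard returns true only for the former.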