A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | ruby | 2021-05-20 16:29 | ALAS2-2021-1641 |
Amazon Linux 2 - Ruby2.6 Extra | ruby | 2023-08-21 20:59 | ALAS2RUBY2.6-2023-007 |
Amazon Linux 1 | ruby19 | 2020-08-26 23:10 | ALAS-2020-1426 |
Amazon Linux 1 | ruby20 | 2020-08-10 23:07 | ALAS-2020-1416 |
Amazon Linux 1 | ruby21 | 2020-08-26 23:10 | ALAS-2020-1426 |
Amazon Linux 1 | ruby24 | 2020-08-26 23:09 | ALAS-2020-1422 |
Amazon Linux 1 | rubygem-json | 2020-08-26 23:09 | ALAS-2020-1423 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |