en/news/_posts/2020-03-19-json-dos-cve-2020-10663.md (+1 -1)
@@ -10,7 +10,7 @@ There is an unsafe object creation vulnerability in the json gem bundled with Ru
10
10
11
11
## Details
12
12
13
-
When parsing certain JSON documents, the JSON gem (including bundled versions with the Ruby packages) can be coerced in to creating arbitrary object in a target system.
13
+
When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.
14
14
15
15
This is the same issue as [CVE-2013-0269](https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/). The previous fix was incomplete, which addressed `JSON.parse(user_input)`, but didn't address some other styles of JSON parsing including `JSON(user_input)` and `JSON.parse(user_input, nil)`.
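Review bot: The unchanged sentence directly after the `+` line, "The previous fix was incomplete, which addressed ...", still has a dangling "which" clause and could be cleaned up in this same wording pass. Something like "The previous fix was incomplete: it addressed `JSON.parse(user_input)` but not other styles of JSON parsing, including `JSON(user_input)` and `JSON.parse(user_input, nil)`." would read more clearly. The `+` line itself reads fine; the lowercase "json gem" now matches the spelling in the hunk header context.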