The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
openSUSE 12.1 openSUSE 12.1 Update openSUSE 12.2 Update openSUSE 12.3 Update SUSE Cloud 1.0 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE OpenStack Cloud 6 SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] SUSE Studio Onsite 1.3 SUSE Studio Standard Edition 1.2 WebYaST 1.2 WebYaST 1.3