ruby.rails.security.injection.rails-check-json-parsing-rce.rails-check-json-parsing-rce

Author
unknown
Rails versions 0.0.0 - 2.3.14 and 3.0.0 - 3.0.19 are vulnerable to a Remote Code Execution attack via JSON parsing (CVE-2013-0333). Either use the 'yajl' gem, or update to Rails 2.3.16 or greater if using Rails 0.0.0 - 2.3.14, and to Rails 3.0.20 or greater if using Rails 3.0.0 - 3.0.19.
Definition
rules:
  - id: rails-check-json-parsing-rce
    patterns:
      - pattern-either:
          - patterns:
              - pattern-either:
                  - pattern: gem 'rails', '$MAJ'
                  - pattern: gem 'rails', '$MAJ.$MIN'
                  - pattern: gem 'rails', '$MAJ.$MIN.$PATCH'
                  - pattern: gem 'rails', '~> $MAJ'
                  - pattern: gem 'rails', '~> $MAJ.$MIN'
                  - pattern: gem 'rails', '~> $MAJ.$MIN.$PATCH'
              - metavariable-comparison:
                  metavariable: $MAJ
                  comparison: $MAJ < 2
          - patterns:
              - pattern-either:
                  - pattern: gem 'rails', '2.$MAJ'
                  - pattern: gem 'rails', '2.$MAJ.$PATCH'
                  - pattern: gem 'rails', '~> 2.$MAJ'
                  - pattern: gem 'rails', '~> 2.$MAJ.$PATCH'
              - metavariable-comparison:
                  metavariable: $MAJ
                  comparison: $MAJ < 3
          - patterns:
              - pattern-either:
                  - pattern: gem 'rails', '2.3.$PATCH'
                  - pattern: gem 'rails', '~> 2.3.$PATCH'
              - metavariable-comparison:
                  metavariable: $PATCH
                  comparison: $PATCH <= 14
          - patterns:
              - pattern-either:
                  - pattern: gem 'rails', '3.0.$PATCH'
                  - pattern: gem 'rails', '~> 3.0.$PATCH'
              - metavariable-comparison:
                  metavariable: $PATCH
                  comparison: $PATCH <= 19
      - pattern-not-inside: |
          source '...'
          ...
          gem 'yajl' ...
          ...
    message: >-
      Rails versions 0.0.0 - 2.3.14 and 3.0.0 - 3.0.19 are vulnerable to a
      Remote Code Execution attack via JSON parsing (CVE-2013-0333). Either use
      the 'yajl' gem or update to Rails 2.3.16 or greater if using Rails 0.0.0 -
      2.3.14 and Rails 3.0.20 or greater if using Rails 3.0.0 - 3.0.19
    languages:
      - generic
    severity: WARNING
    paths:
      include:
        - "*Gemfile"
        - gems.rb
    metadata:
      cwe:
        - "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
      owasp:
        - A03:2021 - Injection
      technology:
        - rails
      source-rule-url: https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_json_parsing.rb
      category: security
      references:
        - https://nvd.nist.gov/vuln/detail/CVE-2013-0333
        - https://groups.google.com/g/rubyonrails-security/c/1h2DR63ViGo
      subcategory:
        - audit
      likelihood: LOW
      impact: HIGH
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
rails-check-json-parsing-rce.Gemfile
source 'https://rubygems.org'
# ok
gem 'rails', '2.3.16'
# ok
gem 'rails', '3.0.20'
# ok
gem 'rails', '~> 2.3.15'
# ruleid: rails-check-json-parsing-rce
gem 'rails', '~> 0.99.99'
# ruleid: rails-check-json-parsing-rce
gem 'rails', '~> 2.2.99'
# ruleid: rails-check-json-parsing-rce
gem 'rails', '2.3.0'
# ruleid: rails-check-json-parsing-rce
gem 'rails', '~> 2.3.0'
# ruleid: rails-check-json-parsing-rce
gem 'rails', '3.0.15'
# ruleid: rails-check-json-parsing-rce
gem 'rails', '~> 3.0.15'
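Added example, not part of the Semgrep rule or of Brakeman: a Ruby checker that evaluates a Gemfile's rails constraints against the CVE-2013-0333 ranges using RubyGems' own version semantics (Gem::Requirement and Gem::Version#bump), so it goes beyond the rule's single-string patterns and also handles compound constraints such as '>= 2.3.10', '< 3.1' and an unpinned gem 'rails'. The sample Gemfile is constructed; 'yajl-ruby' is the published name of the yajl gem and is accepted alongside the 'yajl' spelling the rule looks for.

```ruby
require 'rubygems'
# Inclusive version ranges the rule's message names as vulnerable.
VULNERABLE_RANGES = [%w[0.0.0 2.3.14], %w[3.0.0 3.0.19]]
                    .map { |lo, hi| [Gem::Version.new(lo), Gem::Version.new(hi)] }.freeze
# Constructed sample Gemfile: two of the rule's test cases plus a compound constraint.
SAMPLE_GEMFILE = <<~GEMFILE
  source 'https://rubygems.org'
  gem 'rails', '~> 2.3.15'
  gem 'rails', '~> 2.2.99'
  gem 'rails', '>= 2.3.10', '< 3.1'
GEMFILE

# Reduce a Gem::Requirement to one interval [low, low_inclusive, high, high_inclusive];
# nil means unbounded. '!=' is ignored, every other Gemfile operator is modelled.
def interval_of(requirement)
  low, high, low_inc, high_inc = nil, nil, true, true
  requirement.requirements.each do |op, ver|
    if %w[= >= > ~>].include?(op) && (low.nil? || ver > low)
      low, low_inc = ver, op != '>'
    end
    if %w[= <= <].include?(op) && (high.nil? || ver < high)
      high, high_inc = ver, op != '<'
    elsif op == '~>' && (high.nil? || ver.bump < high)
      high, high_inc = ver.bump, false # RubyGems semantics: '~> 2.3.0' is >= 2.3.0 and < 2.4
    end
  end
  [low, low_inc, high, high_inc]
end
# True when the constraint's interval overlaps any vulnerable range (ends checked for inclusivity).
def admits_vulnerable?(requirement)
  low, low_inc, high, high_inc = interval_of(requirement)
  VULNERABLE_RANGES.any? do |range_lo, range_hi|
    (low.nil? || low < range_hi || (low == range_hi && low_inc)) &&
      (high.nil? || high > range_lo || (high == range_lo && high_inc))
  end
end
# Parse "gem 'name', 'constraint', ..." lines into [name, [constraints]] pairs.
def gem_declarations(gemfile)
  gemfile.each_line.map do |line|
    m = line.match(/^\s*gem\s+['"]([^'"]+)['"](.*)$/) or next
    [m[1], m[2].scan(/['"]([^'"]+)['"]/).flatten.grep(/\A(?:[~><=!]+\s*)?\d[\w.]*\z/)]
  end.compact
end
# Rails constraints (as written) that still admit a vulnerable version. As in the rule's
# pattern-not-inside, any yajl gem in the file is taken as the mitigation ('yajl-ruby' is
# the gem's published name, so both spellings count).
def vulnerable_rails_constraints(gemfile)
  decls = gem_declarations(gemfile)
  return [] if decls.any? { |name, _| name.start_with?('yajl') }
  decls.select { |name, versions| name == 'rails' && admits_vulnerable?(Gem::Requirement.new(*versions)) }
       .map { |_, versions| versions.empty? ? '(unpinned)' : versions.join(', ') }
end
```

Calling `vulnerable_rails_constraints(SAMPLE_GEMFILE)` reports '~> 2.2.99' and '>= 2.3.10, < 3.1' but not '~> 2.3.15', matching the rule's own verdicts where they overlap.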
Short Link: https://sg.run/Wj3y