
Thomas Hollstegge

Researcher from Zweitag
#37116 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2013-2202
7.5
2013-02-12
Ruby · Ruby On Rails · CVE-2013-0269
**Name of the Vulnerable Software and Affected Versions**

- JSON gem versions prior to 1.5.5
- JSON gem versions 1.6.x prior to 1.6.8
- JSON gem versions 1.7.x prior to 1.7.7

**Description**

The issue allows remote attackers to cause a denial of service or bypass the mass assignment protection mechanism via a crafted JSON document. Parsing such a document can trigger the creation of arbitrary Ruby symbols or certain internal objects, potentially leading to attacks such as SQL injection against Ruby on Rails.

**Recommendations**

- For JSON gem versions prior to 1.5.5, update to version 1.5.5 or later.
- For JSON gem versions 1.6.x prior to 1.6.8, update to version 1.6.8 or later.
- For JSON gem versions 1.7.x prior to 1.7.7, update to version 1.7.7 or later.