Skip to content
/ heroku-CVE-2013-0269 Public

Inspect all of your Heroku apps for vulnerable versions of the JSON gem

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

heroku/heroku-CVE-2013-0269

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
README.md
README.md
 
 
heroku-CVE-2013-0269.rb
heroku-CVE-2013-0269.rb
 
 
heroku-CVE-2013-0269.rb.asc
heroku-CVE-2013-0269.rb.asc
 
 

Repository files navigation

heroku-CVE-2013-0269

Inspect all of your heroku apps to see if they are running a vulnerable version of JSON

Background

A security vulnerability has been found in the Ruby JSON gem. This is the root cause for the recently-announced MySQL injection issue in Rails. A new release of the JSON gem is available.

Developers can get a full list of all your affected Heroku applications by running this script. The following JSON versions have been patched and deemed safe from this exploit:

  • 1.7.7
  • 1.6.8
  • 1.5.5

If you do not upgrade, an attacker may be able to execute arbitrary SQL queries on your application's MySQL database. Heroku recommends upgrading to a patched version immediately.

Instructions

  • git clone git@github.com:heroku/heroku-CVE-2013-0269.git
  • cd heroku-CVE-2013-0269
  • ruby heroku-CVE-2013-0269.rb

PGP Signature

The Heroku Security Team's PGP key is available at https://policy.heroku.com/security

About

Inspect all of your Heroku apps for vulnerable versions of the JSON gem

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

25 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages