Skip to content

Inspect all of your Heroku apps for vulnerable versions of the JSON gem

Notifications You must be signed in to change notification settings

heroku/heroku-CVE-2013-0269

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 

Repository files navigation

heroku-CVE-2013-0269

Inspect all of your heroku apps to see if they are running a vulnerable version of JSON

Background

A security vulnerability has been found in the Ruby JSON gem. This is the root cause for the recently-announced MySQL injection issue in Rails. A new release of the JSON gem is available.

Developers can get a full list of all your affected Heroku applications by running this script. The following JSON versions have been patched and deemed safe from this exploit:

  • 1.7.7
  • 1.6.8
  • 1.5.5

If you do not upgrade, an attacker may be able to execute arbitrary SQL queries on your application's MySQL database. Heroku recommends upgrading to a patched version immediately.

Instructions

  • git clone [email protected]:heroku/heroku-CVE-2013-0269.git
  • cd heroku-CVE-2013-0269
  • ruby heroku-CVE-2013-0269.rb

PGP Signature

The Heroku Security Team's PGP key is available at https://policy.heroku.com/security

About

Inspect all of your Heroku apps for vulnerable versions of the JSON gem

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages