# File lib/brakeman/checks/check_json_parsing.rb, line 64
  def check_json_version name, version
    return if version >= "1.7.7" or
              (version >= "1.6.8" and version < "1.7.0") or
              (version >= "1.5.5" and version < "1.6.0")

    warning_type = "Denial of Service"
    confidence = :medium
    gem_name = "#{name} gem"
    message = msg(msg_version(version, gem_name), " has a symbol creation vulnerablity. Upgrade to ")

    if version >= "1.7.0"
      confidence = :high
      warning_type = "Remote Code Execution"
      message = msg(msg_version(version, "json gem"), " has a remote code execution vulnerability. Upgrade to ", msg_version("1.7.7", "json gem"))
    elsif version >= "1.6.0"
      message << msg_version("1.6.8", gem_name)
    elsif version >= "1.5.0"
      message << msg_version("1.5.5", gem_name)
    else
      confidence = :weak
      message << msg_version("1.5.5", gem_name)
    end

    if confidence == :medium and uses_json_parse?
      confidence = :high
    end

    warn :warning_type => warning_type,
      :warning_code => :CVE_2013_0269,
      :message => message,
      :confidence => confidence,
      :gem_info => gemfile_or_environment(name),
      :link => "https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion"
  end