exploitDog
CVE-2020-10663

Published: 28 Apr 2020
Source: debian
EPSS: Low

Description

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

Packages

Package     Status        Fixed version          Release   Type
ruby-json   fixed         2.3.0+dfsg-1           -         package
ruby-json   fixed         2.1.0+dfsg-2+deb10u1   buster    package
ruby-json   fixed         2.0.1+dfsg-3+deb9u1    stretch   package
ruby2.7     not-affected  -                      -         package
ruby2.5     removed       -                      -         package
ruby2.3     removed       -                      -         package
ruby2.3     fixed         2.3.3-1+deb9u8         stretch   package
ruby2.1     removed       -                      -         package

Notes

  • https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

  • https://hackerone.com/reports/706934

  • https://github.com/ruby/ruby/commit/36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (2.6.6)

  • https://github.com/ruby/ruby/commit/b379ecd8b6832dfcd5dad353b6bfd41701e2d678 (2.5.8)

EPSS

Percentile: 88%
Score: 0.04319
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

(same description as the Debian entry above)

CVSS3: 7.3
redhat
more than 5 years ago

(same description as the Debian entry above)

CVSS3: 7.5
nvd
more than 5 years ago

(same description as the Debian entry above)

CVSS3: 7.5
github
about 5 years ago

Unsafe object creation in json RubyGem

oracle-oval
more than 5 years ago

ELSA-2020-5724: pcs security update (IMPORTANT)
