
exploitDog


CVE-2020-10663

Published: 28 Apr 2020
Source: nvd
CVSS3: 7.5
CVSS2: 5
EPSS: Low

Description

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

Vulnerable configurations

Configuration 1

All of

cpe:2.3:a:json_project:json:*:*:*:*:*:ruby:*:*
Versions up to 2.2.0 (inclusive)

One of

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Versions from 2.4.0 (inclusive) to 2.4.9 (inclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Versions from 2.5.0 (inclusive) to 2.5.7 (inclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Versions from 2.6.0 (inclusive) to 2.6.5 (inclusive)

Configuration 2

One of

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4

One of

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5

cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*

EPSS

Percentile: 88%
0.04319
Low

7.5 High

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

CVSS3: 7.3
redhat
more than 5 years ago

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

CVSS3: 7.5
debian
more than 5 years ago

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...

CVSS3: 7.5
github
about 5 years ago

Unsafe object creation in json RubyGem

oracle-oval
more than 5 years ago

ELSA-2020-5724: pcs security update (IMPORTANT)
