Description
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.
| Release | Status | Note |
|---|---|---|
| bionic | released | 6.1.0-1+deb9u1build0.18.04.1 |
| devel | DNE | |
| esm-apps/bionic | released | 6.1.0-1+deb9u1build0.18.04.1 |
| esm-apps/focal | needed | |
| esm-apps/jammy | not-affected | 6.4.0-1 |
| esm-apps/noble | not-affected | 6.4.0-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
CVSS2: 4.3 Medium
CVSS3: 6.1 Medium
Related vulnerabilities
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...
Gon gem lack of escaping certain input when outputting as JSON