Improper Input Validation in ruby2.3

Do your applications use this vulnerable package? Test your applications

Overview

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

References

CONFIRM
CONFIRM
CONFIRM
DEBIAN
Debian Security Announcement
Debian Security Tracker
FEDORA
FULLDISC
Fedora Security Update
Fedora Security Update
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
OpenSuse Security Announcement

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

High
Availability

None

CVE: CVE-2020-10663
CWE: CWE-20
Snyk ID: SNYK-DEBIAN9-RUBY23-567460
Disclosed: 28 Apr, 2020
Published: 25 Apr, 2020

Improper Input Validation
Affecting ruby2.3 package, versions <2.3.3-1+deb9u8

Overview

References

CVSS Score

Improper Input Validation Affecting ruby2.3 package, versions <2.3.3-1+deb9u8

Overview

References

Improper Input Validation
Affecting ruby2.3 package, versions <2.3.3-1+deb9u8