Lucene search

CVE-2020-10663

🗓️ 28 Apr 2020 21:11:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 423 Views🌐 WEB

JSON gem through 2.2.0 for Ruby has Unsafe Object Creation Vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Tenable Nessus	Rocky Linux 8 : pcs (RLSA-2020:2462)	9 Feb 202200:00	–	nessus
Tenable Nessus	FreeBSD : rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) (40194e1c-6d89-11ea-8082-80ee73419af3)	26 Mar 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : rubygem-json (ALAS-2020-1423)	31 Aug 202000:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-10663	4 Mar 202500:00	–	nessus
Tenable Nessus	Debian DLA-2192-1 : ruby2.1 security update	1 May 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ruby19, ruby21 (ALAS-2020-1426)	31 Aug 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : ruby (EulerOS-SA-2020-1686)	17 Jun 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1590)	26 May 202000:00	–	nessus
Tenable Nessus	CentOS 8 : pcs (CESA-2020:2462)	1 Feb 202100:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1691)	25 Jun 202000:00	–	nessus

Nvd

Node

json_project jsonRange≤2.2.0ruby

AND

ruby-lang rubyRange2.4.0–2.4.9

ruby-lang rubyRange2.5.0–2.5.7

ruby-lang rubyRange2.6.0–2.6.5

Node

fedoraproject fedoraMatch30

fedoraproject fedoraMatch31

Node

opensuse leapMatch15.1

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch10.0

Node

apple macosMatch11.0.1

Source	Link
lists	www.lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/
debian	www.debian.org/security/2020/dsa-4721
lists	www.lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E
ruby-lang	www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
lists	www.lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/
lists	www.lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E

Parameter	Position	Path	Description	CWE
json_class	request body	json_cve_2020_10663	The JSON gem has an unsafe object creation vulnerability that can lead to arbitrary object creation when parsing certain JSON documents.	CWE-20

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Apr 2020 21:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS25

CVSS37.5

EPSS0.07404

CWE-20