Lucene search

K
cvelistMitreCVELIST:CVE-2020-25739
HistorySep 23, 2020 - 1:53 p.m.

CVE-2020-25739

2020-09-2313:53:14
mitre
www.cve.org

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%