Lucene search

PRIOn knowledge basePRION:CVE-2020-25739

HistorySep 23, 2020 - 2:15 p.m.

Design/Logic Flaw

2020-09-2314:15:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

CPENameOperatorVersion
ubuntu_linuxeq18.04
debian_linuxeq9.0
gonlt6.4.0

Name	Operator	Version
ubuntu_linux	eq	18.04
debian_linux	eq	9.0
gon	lt	6.4.0

References

github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7

lists.debian.org/debian-lts-announce/2020/09/msg00018.html

usn.ubuntu.com/4560-1/