25 matches found
EUVD-2021-0786
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-25739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection...
Malicious code in @zalastax/nolb-gon (npm)
The package @zalastax/nolb-gon was found to contain malicious code...
MAL-2025-11627 Malicious code in @zalastax/nolb-gon (npm)
The package @zalastax/nolb-gon was found to contain malicious code...
GHSA-78VQ-9J56-WRFR Gon gem lack of escaping certain input when outputting as JSON
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Gon gem lack of escaping certain input when outputting as JSON
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Ubuntu 18.04 LTS : Gon gem vulnerability (USN-4560-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4560-1 advisory. It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting XSS attack. Tenab...
Ubuntu: Security Advisory (USN-4560-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4560-1 ruby-gon vulnerability
It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting XSS attack...
Debian DLA-2380-1 : ruby-gon security update
It was discovered that there was a cross-site scripting XSS vulnerability in ruby-gon, a Ruby library to send/convert data to JavaScript from a Ruby application. For Debian 9 'Stretch', this problem has been fixed in version 6.1.0-1+deb9u1. We recommend that you upgrade your ruby-gon packages. Fo...
Debian: Security Advisory (DLA-2380-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2380-1] ruby-gon security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2380-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 26, 2020 https://wiki.debian.org/LTS -...
DLA-2380-1 ruby-gon - security update
Bulletin has no description...
Ruby Cross-Site Scripting Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the software developer Gyohiro Matsumoto. A cross-site scripting vulnerability exists in Ruby gon versions prior to 6.4.0. The vulnerability stems from a lack of proper validation of client-side data by the web...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. MultiJson method does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
DEBIAN-CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Design/Logic Flaw
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
UBUNTU-CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...