13 matches found
EUVD-2021-0786
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-25739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection...
GHSA-78VQ-9J56-WRFR Gon gem lack of escaping certain input when outputting as JSON
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Gon gem lack of escaping certain input when outputting as JSON
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Ubuntu 18.04 LTS : Gon gem vulnerability (USN-4560-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4560-1 advisory. It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack. Tenab...
USN-4560-1 ruby-gon vulnerability
It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack...
CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
DEBIAN-CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Design/Logic Flaw
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
UBUNTU-CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
PT-2020-16179 · Ruby +1 · Gon +1
Name of the Vulnerable Software and Affected Versions: gon versions prior to 6.4.0 Description: An issue was discovered in the gon gem for Ruby, where MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does...