CVE-2020-25739
The CVE-2020-25739 issue affects the gon Ruby gem prior to version 6.4.0. The root cause is that MultiJson does not honor the escape_mode setting, reducing XSS protection when converting data to JSON. As a mitigation, the json_dumper.rb in gon now escapes for XSS by default, independent of MultiJ...