Lucene search

Denial Of Service (DoS)

🗓️ 23 Mar 2020 03:43:14Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 50 Views

The JSON gem allows creation of arbitrary Ruby symbols leading to denial of servic

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Tenable Nessus	FreeBSD : rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) (40194e1c-6d89-11ea-8082-80ee73419af3)	26 Mar 202000:00	–	nessus
Tenable Nessus	Rocky Linux 8 : pcs (RLSA-2020:2462)	9 Feb 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : rubygem-json (ALAS-2020-1423)	31 Aug 202000:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-10663	4 Mar 202500:00	–	nessus
Tenable Nessus	Debian DLA-2192-1 : ruby2.1 security update	1 May 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ruby19, ruby21 (ALAS-2020-1426)	31 Aug 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : ruby (EulerOS-SA-2020-1686)	17 Jun 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1590)	26 May 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1691)	25 Jun 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ruby20 (ALAS-2020-1416)	13 Aug 202000:00	–	nessus

Vulners

Node

ruby rubyMatch2.5.7-r0ruby

AND

alpinelinux alpine_linuxMatch3.10

ruby rubyMatch2.4.6-r0ruby

AND

alpinelinux alpine_linuxMatch3.7

ruby-json ruby-jsonMatch2.3.0+dfsg-1+b3debian

AND

debian debian_linuxMatch11

ruby-json ruby-jsonMatch2.3.0+dfsg-1+b3debian

AND

debian debian_linuxMatch999

ruby rubyMatch2.6.5-r2ruby

AND

alpinelinux alpine_linuxMatchedge

json_project jsonRange1.7.7–2.2.0ruby

clusterlabs pcsMatch0.10.2_4.el8

rh-ruby25-ruby rh-ruby25-rubyMatch2.5.3_6.el7

rh-ruby25-ruby rh-ruby25-rubyMatch2.5.0_5.el7

rh-ruby25-ruby rh-ruby25-rubyMatch2.5.5_7.el7

rh-ruby26-ruby rh-ruby26-rubyMatch2.6.2_118.el7

ruby rubyMatch2.0.0.648_36.el7

ruby rubyMatch2.0.0.648_34.el7_6

ruby rubyMatch2.4.6_91.el7cf

ruby rubyMatch2.0.0.598_25.ael7b_1

ruby rubyMatch2.4.5_90.el7cf

ruby rubyMatch2.4.9_93.el7cf

ruby rubyMatch2.0.0.648_35.el7_6

ruby rubyMatch2.0.0.648_39.el7_9

Source	Link
github	www.github.com/flori/json/commit/bbc88248581fb3c7063edd9fae00af5f7d1f18d9
ruby-lang	www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
seclists	www.seclists.org/fulldisclosure/2020/Dec/32
lists	www.lists.debian.org/debian-lts-announce/2020/04/msg00030.html
debian	www.debian.org/security/2020/dsa-4721
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Mar 2020 03:14Current

4.4Medium risk

Vulners AI Score4.4

CVSS25

CVSS37.5

EPSS0.10014