CVE-2020-10663 — Improper Input Validation in Json
Severity
7.5 HIGH (NVD)
EPSS
7.5%
top 8.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 28
Latest update: Mar 18
Description
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 10.0, 8.0, Fedora 30, 31
Bugzilla
CVE-2020-10663 jruby: rubygem-json: Unsafe Object Creation Vulnerability in JSON [fedora-all] (2020-04-24)
CVE-2020-10663 ruby: rubygem-json: Unsafe Object Creation Vulnerability in JSON [fedora-all] (2020-04-24)
CVE-2020-10663 ruby:2.5/ruby: rubygem-json: Unsafe Object Creation Vulnerability in JSON [fedora-all] (2020-04-24)