cve
base
Search
Products
Trending
About
Docs
Pricing
Home
/
Products
/
gon_project
/
Gon Project Gon
Gon Project Gon vulnerabilities
1 known vulnerability affecting
gon_project/gon
.
Version
All versions
Total CVEs
1
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM
1
Vulnerabilities
Page 1 of 1
CVE-2020-25739
MEDIUM
CVSS 6.1
fixed in 6.4.0
2020-09-23
CVE-2020-25739 [MEDIUM] CWE-79 CVE-2020-25739: An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escap An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.
nvd