CNVD-2020-32355 — Vulnetix

CNVD-2020-32355 PUBLISHED

Ruby JSON gem是一款基于Ruby的用于从文本解析JSON以及从Ruby对象生成JSON文本的软件包。 Ruby JSON gem 2.2.0及之前版本中存在输入验证错误漏洞，攻击者可利用该漏洞在目标系统中强制创建任意对象。

Affected Products

Vendor	Product	Versions
	Ruby JSON gem <=2.2.0

Exploit Intelligence

Workaround for CVE-2020-10663 (vulnerability in json gem) (github-poc-repo)
Workaround for CVE-2020-10663 (vulnerability in json gem) (github-poc)
owasp-exclude.xml (github-poc)
suppressions.xml (github-poc)

Timeline

Apr 29, 2020 CVE ID Reserved
Jun 11, 2020 CVE Published

References

https://nvd.nist.gov/vuln/detail/CVE-2020-10663 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›