CVE-2020-16255
PUBLISHED
Multiple vulnerabilities exist in Ruby. When parsing certain JSON documents, the json gem can be forced to create arbitrary objects in the target system. An attacker can exploit these vulnerabilities to cause unspecified effects.
EPSS 0.32% · 55.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux | |
| Open Source | Open Source Ruby | <2.7.1 |
| Debian | Debian Linux | |
| Ubuntu | Ubuntu Linux | |
| SUSE | SUSE openSUSE | |
| Amazon | Amazon Linux 2 | |
| Red Hat | Red Hat Enterprise Linux | |
| Open Source | Open Source Ruby | <2.6.6 |
| Open Source | Open Source Ruby | <2.4.10 |
| Oracle | Oracle Linux | |
| Open Source | Open Source Ruby | <2.5.8 |
Timeline
- Mar 31, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2476.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2476 advisory
- https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-4-10-released/ advisory
- https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-5-8-released/ advisory
- https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-6-6-released/ advisory
- https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-7-1-released/ advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20201066-1.html advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20200995-1.html advisory
- https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00030.html advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20201190-1.html advisory
- http://lists.suse.com/pipermail/sle-security-updates/2020-June/006905.html advisory
- https://access.redhat.com/errata/RHSA-2020:2473 advisory
- https://access.redhat.com/errata/RHSA-2020:2462 advisory
- https://access.redhat.com/errata/RHSA-2020:2670 advisory
- https://www.debian.org/security/2020/dsa-4721 advisory
- http://lists.suse.com/pipermail/sle-security-updates/2020-July/007124.html advisory
- https://ubuntu.com/security/notices/USN-4882-1 advisory
- https://alas.aws.amazon.com/AL2/ALAS-2021-1641.html advisory
- https://access.redhat.com/errata/RHSA-2021:2104 advisory
- https://access.redhat.com/errata/RHSA-2021:2230 advisory
…and 8 more