VDB

DEBIAN-CVE-2020-10663

DEBIAN-CVE-2020-10663 PUBLISHED CVSS 7.5 HIGH

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Debian:14ruby-json0, 0, 0
Debian:12ruby-json0, 0, 0
Debian:11ruby-json0, 0, 0
Debian:13ruby-json0, 0, 0

Timeline

  • Apr 28, 2020 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›