VDB
DEBIAN-CVE-2020-10663
DEBIAN-CVE-2020-10663
PUBLISHED
CVSS 7.5 HIGH
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | ruby-json | 0, 0, 0 |
| Debian:12 | ruby-json | 0, 0, 0 |
| Debian:11 | ruby-json | 0, 0, 0 |
| Debian:13 | ruby-json | 0, 0, 0 |
Exploit Intelligence
- Workaround for CVE-2020-10663 (vulnerability in json gem) (github-poc-repo)
- Workaround for CVE-2020-10663 (vulnerability in json gem) (github-poc)
- owasp-exclude.xml (github-poc)
- suppressions.xml (github-poc)
Timeline
- Apr 28, 2020 CVE Published
- Apr 28, 2026 CVE Updated