First published: Wed Sep 23 2020
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/gon | <6.4.0 | 6.4.0 |
Gon Project Gon | <6.4.0 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =9.0 | |
debian/ruby-gon | 6.4.0-1 6.4.0-2 | |
ubuntu/ruby-gon | <6.1.0-1+ | 6.1.0-1+ |
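
The mitigation described above, escaping the dumped JSON directly instead of trusting the serializer's escape option, is sketched below as an added example; it is not gon's json_dumper.rb and not code from this advisory. It uses Ruby's standard json library, and the helper names, escape table, script tag layout and sample data are assumptions constructed for illustration.

```ruby
require "json"

# Escape table assumed for this example: characters that can close a <script>
# element or break a JavaScript string literal become JSON \uXXXX escapes.
SCRIPT_UNSAFE = {
  "&" => '\u0026', "<" => '\u003c', ">" => '\u003e',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze
SCRIPT_UNSAFE_RE = /[&<>\u2028\u2029]/

# "Before": serializer output used as-is, trusting it to have escaped.
def dump_unescaped(obj)
  JSON.generate(obj)
end

# "After": escape the serialized JSON ourselves, whatever the serializer did.
def dump_script_safe(obj)
  JSON.generate(obj).gsub(SCRIPT_UNSAFE_RE, SCRIPT_UNSAFE)
end

# Hypothetical stand-in for the inline script tag that carries the data.
def script_tag(json)
  "<script>window.gon=#{json};</script>"
end

# Approximates the HTML parser: a script element ends at the first "</script".
def script_body(html)
  html[/<script>(.*?)<\/script/mi, 1]
end

# Constructed sample: a user-controlled field and a JS line separator.
SAMPLE = { "comment" => "hi </script><b>markup</b>", "sep" => "a\u2028b" }.freeze

if __FILE__ == $0
  [dump_unescaped(SAMPLE), dump_script_safe(SAMPLE)].each do |json|
    intact = script_body(script_tag(json)) == "window.gon=#{json};"
    puts "#{intact ? 'intact   ' : 'truncated'} #{json.inspect}"
  end
end
```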