USN-4560-1: Gon gem vulnerability
First published: Wed Sep 30 2020(Updated: )
It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/ruby-gon | <6.1.0-1+deb9u1build0.18.04.1 | 6.1.0-1+deb9u1build0.18.04.1 |
| Ubuntu | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-4560-1?
The USN-4560-1 vulnerability is classified as a high severity issue due to its potential for cross-site scripting (XSS) attacks.
How do I fix USN-4560-1?
To fix USN-4560-1, upgrade the ruby-gon package to version 6.1.0-1+deb9u1build0.18.04.1 or later.
Which software is affected by USN-4560-1?
USN-4560-1 affects the ruby-gon package on Ubuntu Linux version 18.04.
What type of vulnerability is USN-4560-1?
USN-4560-1 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts.
Can USN-4560-1 be exploited remotely?
Yes, USN-4560-1 can be exploited remotely if an attacker can control the input used by the vulnerable application.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/18.04