CVE-2020-10663

April 4, 2021

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

Summary:

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

Reference Links(if available):

  • https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
  • https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html
  • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/

    • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    image

    CVE Alert: CVE-2025-50070

    July 17, 2025
    image

    CVE Alert: CVE-2025-50071

    July 17, 2025
    image

    CVE Alert: CVE-2025-50082

    July 17, 2025
    image

    CVE Alert: CVE-2025-50069

    July 17, 2025
    image

    CVE Alert: CVE-2025-50081

    July 17, 2025