CVE-2020-10663

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

Summary:

Reference Links(if available):

https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/

CVSS Score (if available)

v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N

v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Links to Exploits(if available)

Tags: CONFIRM, CVE, CVE-2020-10663, Vendor Advisory, vulnerability

CVE-2020-10663

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

Cyber Assessment Framework 3.2

Palo Alto Products Remote Code Execution Vulnerability

Le Slip Français – 1,495,127 breached accounts

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

Cyber Assessment Framework 3.2

Palo Alto Products Remote Code Execution Vulnerability

Le Slip Français – 1,495,127 breached accounts

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog