The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2020/Dec/32 cve-icon cve-icon
https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-10663 cve-icon
https://security.netapp.com/advisory/ntap-20210129-0003/ cve-icon cve-icon
https://support.apple.com/kb/HT211931 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-10663 cve-icon
https://www.debian.org/security/2020/dsa-4721 cve-icon cve-icon
https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663 cve-icon
https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-28T20:58:30

Updated: 2024-08-04T11:06:10.608Z

Reserved: 2020-03-18T00:00:00

Link: CVE-2020-10663

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-04-28T21:15:11.667

Modified: 2024-11-21T04:55:47.670

Link: CVE-2020-10663

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-03-19T00:00:00Z

Links: CVE-2020-10663 - Bugzilla