MidnightBSD

Advisories for gon_project

CVE-2020-25739 MEDIUM

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gon_project gon *
debian debian_linux 9.0
canonical ubuntu_linux 18.04