PT-2020-2440 · Ruby · Json Gem
Jeremy Evans · Published 2020-03-19 · Updated 2026-03-13
CVE-2020-10663 · CVSS v3.1 8.1 High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JSON gem versions 2.2.0 and earlier
Ruby versions 2.4 through 2.4.9
Ruby versions 2.5 through 2.5.7
Ruby versions 2.6 through 2.6.5
Description
The JSON gem for Ruby has an Unsafe Object Creation issue caused by insufficient input validation. When a JSON parsing method is applied to a crafted document, the parser can be coerced into instantiating an object chosen by the document within the interpreter; the resulting impact depends on the application and on which classes it has loaded. The issue is similar to a previously known vulnerability but does not rely on poor garbage collection behavior within Ruby.
Recommendations
For JSON gem version 2.2.0 and earlier, update to a version with improved checks.
For Ruby versions 2.4 through 2.4.9, consider updating to a version with the improved JSON gem.
For Ruby versions 2.5 through 2.5.7, consider updating to a version with the improved JSON gem.
For Ruby versions 2.6 through 2.6.5, consider updating to a version with the improved JSON gem.
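The following Ruby script is an added illustration, not code from the advisory or from the JSON gem project, of what "unsafe object creation" means and why the recommendations pair upgrading with parsing untrusted input with additions disabled. It assumes a JSON gem newer than 2.2.0, where `JSON.parse` with `create_additions: false` (the documented default) returns plain data even when the document carries the gem's `json_class` marker; the `AuditNote` class and the sample document are constructed for the demonstration.

```ruby
require 'json'

# Constructed demo class (not from the advisory). Any class that responds to
# json_create can be instantiated by the parser when additions are enabled,
# which is the mechanism behind "object creation" in the description above.
class AuditNote
  attr_reader :text

  def initialize(text)
    @text = text
  end

  # Called by the parser with the decoded Hash when additions are enabled.
  def self.json_create(hash)
    new(hash['text'])
  end

  def to_json(*args)
    { JSON.create_id => self.class.name, 'text' => @text }.to_json(*args)
  end
end

# Constructed sample input: a document carrying the gem's create_id key
# ("json_class" by default), as an untrusted client might send it.
UNTRUSTED_DOC = '{"json_class":"AuditNote","text":"hello"}'

# Hardened parse for untrusted input: additions are disabled explicitly rather
# than relying on the default, so "json_class" is treated as ordinary data and
# the result is a plain Hash no matter which classes the application has loaded.
def parse_untrusted(doc)
  JSON.parse(doc, create_additions: false)
end

# The behaviour to avoid on untrusted input: with additions enabled the same
# bytes become an instance of whatever class the document names.
def parse_with_additions(doc)
  JSON.parse(doc, create_additions: true)
end

# Human-readable summary of what the parser produced.
def summarize(obj)
  if obj.is_a?(Hash)
    "plain Hash with keys #{obj.keys.sort.inspect}"
  else
    "instance of #{obj.class}"
  end
end

if __FILE__ == $0
  puts "create_additions: false -> #{summarize(parse_untrusted(UNTRUSTED_DOC))}"
  puts "create_additions: true  -> #{summarize(parse_with_additions(UNTRUSTED_DOC))}"
end
```

Running the script prints a plain Hash for the hardened call and an `AuditNote` instance for the call with additions enabled. In application code, the check to make is that every parse of externally supplied JSON goes through a path with additions disabled and that the JSON gem in use is newer than the affected range, since on the affected versions the disabled-additions path alone is not sufficient.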
Exploit · Fix · RCE
Affected Products
Almalinux
Centos
Json Gem
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Ruby
Suse
Ubuntu