VAR-202004-0061
Vulnerability from variot - Updated: 2026-03-09 21:09The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. An attacker could exploit this vulnerability to forcibly create arbitrary objects on the target system. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system.
CVE-2020-10933
Samuel Williams reported a flaw in the socket library which may lead
to exposure of possibly sensitive data from the interpreter.
For the stable distribution (buster), these problems have been fixed in version 2.5.5-3+deb10u2.
We recommend that you upgrade your ruby2.5 packages.
For the detailed security status of ruby2.5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.5
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8F5jVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RT1Q/9EmtF3l9EwsTqV0RaU0CvycnypEEHk0vahqwtDKe5m1j13RlbhU5PfeNm n8E4pzw30+zROL8vxrCBQbAkBLACJOD9GwnA1G5mUnga1m49+5TyHEfPTFDsZHZ7 XqWuIJiQpOaPAi9xlywyqxji8OHPND2NNtCF1xk3Mpfk/7Y5JNJjFPnQnprfB4Hf c8AMjgmjV4ElJ60ALpXQzP7snVs4S+LA+Qb2O7V05u8zW0ytiEGTJNKrdG/+Rkrm XKUrEwPJLOU9DlR1JDXD491tOSYGiQdS/vWNQsyGKArpdDbhAUOybWZinD6ZG0KR L7atC327+eNDhpIKcmS4jMRnoQwjmlgPK6m0YwF4mKmyL4lWKwqCddDnIfr7jRSq bW3esnLJatEJiUbcSLpuBn0qO5f6HYb1iRhXJDQlPsuySIjObkn+rim9Bvo0NOQZ SZx74Rv1KX/kYpU4KcZyoygRuuWzl3pPYRj5BYJOViDGIcSKay4w7oypLjSWg7b3 BQfKQ7MbIVIXLk27fS/mOKpG0uXM5cer7LGnZSovl+KQmgp4gBdtCpuzat7Jz3YI tJDwDSjfhUQu8Uew+6bnvDUJ+zFEp/fEly2ueZFSYkkPmWPMcaI3OIk/Q2dLt5ZX gC+Vad6gT/C2UBYZCxxcBTHOcAlImTQ/JPCQMOGrvZM6t7QouuA= =rTdk -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-ruby25-ruby security, bug fix, and enhancement update Advisory ID: RHSA-2021:2104-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2104 Issue date: 2021-05-25 CVE Names: CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-10663 CVE-2020-10933 CVE-2020-25613 CVE-2021-28965 =====================================================================
- Summary:
An update for rh-ruby25-ruby is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby25-ruby (2.5.9). (BZ#1952998)
Security Fix(es):
-
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
-
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
-
ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)
-
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
-
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
-
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
-
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
-
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
rh-ruby25-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhscl-3] (BZ#1953001)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le: rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x: rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le: rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x: rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le: rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x: rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-15845 https://access.redhat.com/security/cve/CVE-2019-16201 https://access.redhat.com/security/cve/CVE-2019-16254 https://access.redhat.com/security/cve/CVE-2019-16255 https://access.redhat.com/security/cve/CVE-2020-10663 https://access.redhat.com/security/cve/CVE-2020-10933 https://access.redhat.com/security/cve/CVE-2020-25613 https://access.redhat.com/security/cve/CVE-2021-28965 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYKz4Z9zjgjWX9erEAQiSGhAAolhk0URp2zYTGrVhSmNdAVBtSoAd6btc ddv/r5SiXmDuIVM9yUYeLkG62c0cLJOEKENN5ejBg0okwi4sEyd0qOQOEEGB0hSb qGtsePb5k8qDrS8jadaYBldgEhzE9wOKpZHet5+P+NPVTlLmbwNs7feeP5pTjoiv tacVQgkEsyNyQk1EtOm7IZpdoYwc2oQcA490c3ydG+LKBC/Sw6y3UeugEc1uhQl4 Da0VzGlK3wBd33hT5Sr/8hYZsjUUGKTUmmyuWomN3oJJzxCO3JEj0MY1P9O5ADmN 3KQ8jOe4eYW9XK51JqUoKuSLViTNiZLYUiNJmG7jEh1/aRcbPSm4wns467vb9xzC zaAhS4vXnLSTJw7sUrAqudN+pvmH9qcHJ3/RtSaYOQNU01uyy6r2XTSXcOXKmkYa qBv3WmxnPgRR9H2jczj9Qvnqt7TjhiTE1sceAPDEmUY00TFC4hmcons3vleqxI1s nJi5oKmns3+POTiurLDkoiK5wVY2Uexos8D5sA7PsKIuve3UNeOOzm6OVRp60eqF MusHiyR0SG+C2cICx1zog5Z2k1FSI0s/yGprY61qxZAsA+znaJeAFCjlDJPoeoTK lfBP2x/L7KD40pq2LmuE8Y3oEHeF4D5K5yCXJIFxKHrCUFafD++U8GzXd2vjWTxu VVreNcSVN/E= =m8n+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bug Fix(es):
-
[GUI] Colocation constraint can't be added (BZ#1840157)
-
8) - ppc64le, s390x, x86_64
-
Description:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Bug Fix(es):
-
pcs status on remotes is not working on rhel8.2 any longer (BZ#1832914)
-
pcs cluster stop --all throws errors and doesn't seem to honor the request-timeout option (BZ#1838084)
-
[GUI] Colocation constraint can't be added (BZ#1840158)
-
Bugs fixed (https://bugzilla.redhat.com/):
1827500 - CVE-2020-10663 rubygem-json: Unsafe Object Creation Vulnerability in JSON 1832914 - pcs status on remotes is not working on rhel8.2 any longer [rhel-8.2.0.z] 1838084 - pcs cluster stop --all throws errors and doesn't seem to honor the request-timeout option [rhel-8.2.0.z] 1840158 - [GUI] Colocation constraint can't be added [rhel-8.2.0.z]
6
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "json",
"scope": "lte",
"trust": 1.0,
"vendor": "json",
"version": "2.2.0"
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "json",
"scope": "eq",
"trust": 0.8,
"vendor": "json",
"version": "2.2.0"
},
{
"_id": null,
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:json_project:json",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:opensuse_project:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "158184"
},
{
"db": "PACKETSTORM",
"id": "158023"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166070"
}
],
"trust": 0.7
},
"cve": "CVE-2020-10663",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10663",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005087",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-163164",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10663",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005087",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10663",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005087",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-163164",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10663",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"description": {
"_id": null,
"data": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. An attacker could exploit this vulnerability to forcibly create arbitrary objects on the target system. When parsing certain JSON documents, the\n json gem can be coerced into creating arbitrary objects in the\n target system. \n\nCVE-2020-10933\n\n Samuel Williams reported a flaw in the socket library which may lead\n to exposure of possibly sensitive data from the interpreter. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.5.5-3+deb10u2. \n\nWe recommend that you upgrade your ruby2.5 packages. \n\nFor the detailed security status of ruby2.5 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/ruby2.5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8F5jVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RT1Q/9EmtF3l9EwsTqV0RaU0CvycnypEEHk0vahqwtDKe5m1j13RlbhU5PfeNm\nn8E4pzw30+zROL8vxrCBQbAkBLACJOD9GwnA1G5mUnga1m49+5TyHEfPTFDsZHZ7\nXqWuIJiQpOaPAi9xlywyqxji8OHPND2NNtCF1xk3Mpfk/7Y5JNJjFPnQnprfB4Hf\nc8AMjgmjV4ElJ60ALpXQzP7snVs4S+LA+Qb2O7V05u8zW0ytiEGTJNKrdG/+Rkrm\nXKUrEwPJLOU9DlR1JDXD491tOSYGiQdS/vWNQsyGKArpdDbhAUOybWZinD6ZG0KR\nL7atC327+eNDhpIKcmS4jMRnoQwjmlgPK6m0YwF4mKmyL4lWKwqCddDnIfr7jRSq\nbW3esnLJatEJiUbcSLpuBn0qO5f6HYb1iRhXJDQlPsuySIjObkn+rim9Bvo0NOQZ\nSZx74Rv1KX/kYpU4KcZyoygRuuWzl3pPYRj5BYJOViDGIcSKay4w7oypLjSWg7b3\nBQfKQ7MbIVIXLk27fS/mOKpG0uXM5cer7LGnZSovl+KQmgp4gBdtCpuzat7Jz3YI\ntJDwDSjfhUQu8Uew+6bnvDUJ+zFEp/fEly2ueZFSYkkPmWPMcaI3OIk/Q2dLt5ZX\ngC+Vad6gT/C2UBYZCxxcBTHOcAlImTQ/JPCQMOGrvZM6t7QouuA=\n=rTdk\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-ruby25-ruby security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:2104-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2104\nIssue date: 2021-05-25\nCVE Names: CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 \n CVE-2019-16255 CVE-2020-10663 CVE-2020-10933 \n CVE-2020-25613 CVE-2021-28965 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-ruby25-ruby is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to perform system management tasks. \n\nThe following packages have been upgraded to a later upstream version:\nrh-ruby25-ruby (2.5.9). (BZ#1952998)\n\nSecurity Fix(es):\n\n* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?\n(CVE-2019-15845)\n\n* ruby: Regular expression denial of service vulnerability of WEBrick\u0027s\nDigest authentication (CVE-2019-16201)\n\n* ruby: Code injection via command argument of Shell#test / Shell#[]\n(CVE-2019-16255)\n\n* rubygem-json: Unsafe object creation vulnerability in JSON\n(CVE-2020-10663)\n\n* ruby: BasicSocket#read_nonblock method leads to information disclosure\n(CVE-2020-10933)\n\n* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)\n\n* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)\n\n* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-ruby25-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are\ngiven and address contains leading zero [rhscl-3] (BZ#1953001)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nppc64le:\nrh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm\n\ns390x:\nrh-ruby25-ruby-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nppc64le:\nrh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm\n\ns390x:\nrh-ruby25-ruby-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nppc64le:\nrh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm\n\ns390x:\nrh-ruby25-ruby-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-15845\nhttps://access.redhat.com/security/cve/CVE-2019-16201\nhttps://access.redhat.com/security/cve/CVE-2019-16254\nhttps://access.redhat.com/security/cve/CVE-2019-16255\nhttps://access.redhat.com/security/cve/CVE-2020-10663\nhttps://access.redhat.com/security/cve/CVE-2020-10933\nhttps://access.redhat.com/security/cve/CVE-2020-25613\nhttps://access.redhat.com/security/cve/CVE-2021-28965\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKz4Z9zjgjWX9erEAQiSGhAAolhk0URp2zYTGrVhSmNdAVBtSoAd6btc\nddv/r5SiXmDuIVM9yUYeLkG62c0cLJOEKENN5ejBg0okwi4sEyd0qOQOEEGB0hSb\nqGtsePb5k8qDrS8jadaYBldgEhzE9wOKpZHet5+P+NPVTlLmbwNs7feeP5pTjoiv\ntacVQgkEsyNyQk1EtOm7IZpdoYwc2oQcA490c3ydG+LKBC/Sw6y3UeugEc1uhQl4\nDa0VzGlK3wBd33hT5Sr/8hYZsjUUGKTUmmyuWomN3oJJzxCO3JEj0MY1P9O5ADmN\n3KQ8jOe4eYW9XK51JqUoKuSLViTNiZLYUiNJmG7jEh1/aRcbPSm4wns467vb9xzC\nzaAhS4vXnLSTJw7sUrAqudN+pvmH9qcHJ3/RtSaYOQNU01uyy6r2XTSXcOXKmkYa\nqBv3WmxnPgRR9H2jczj9Qvnqt7TjhiTE1sceAPDEmUY00TFC4hmcons3vleqxI1s\nnJi5oKmns3+POTiurLDkoiK5wVY2Uexos8D5sA7PsKIuve3UNeOOzm6OVRp60eqF\nMusHiyR0SG+C2cICx1zog5Z2k1FSI0s/yGprY61qxZAsA+znaJeAFCjlDJPoeoTK\nlfBP2x/L7KD40pq2LmuE8Y3oEHeF4D5K5yCXJIFxKHrCUFafD++U8GzXd2vjWTxu\nVVreNcSVN/E=\n=m8n+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* [GUI] Colocation constraint can\u0027t be added (BZ#1840157)\n\n4. 8) - ppc64le, s390x, x86_64\n\n3. Description:\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities. \n\nBug Fix(es):\n\n* pcs status on remotes is not working on rhel8.2 any longer (BZ#1832914)\n\n* pcs cluster stop --all throws errors and doesn\u0027t seem to honor the\nrequest-timeout option (BZ#1838084)\n\n* [GUI] Colocation constraint can\u0027t be added (BZ#1840158)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1827500 - CVE-2020-10663 rubygem-json: Unsafe Object Creation Vulnerability in JSON\n1832914 - pcs status on remotes is not working on rhel8.2 any longer [rhel-8.2.0.z]\n1838084 - pcs cluster stop --all throws errors and doesn\u0027t seem to honor the request-timeout option [rhel-8.2.0.z]\n1840158 - [GUI] Colocation constraint can\u0027t be added [rhel-8.2.0.z]\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "PACKETSTORM",
"id": "168868"
},
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "158184"
},
{
"db": "PACKETSTORM",
"id": "158023"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166070"
}
],
"trust": 2.52
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-163164",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10663",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163317",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158023",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158184",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162764",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158018",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162953",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160545",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163318",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-32355",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1294",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163164",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10663",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168868",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "PACKETSTORM",
"id": "168868"
},
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "158184"
},
{
"db": "PACKETSTORM",
"id": "158023"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166070"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"id": "VAR-202004-0061",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:09:41.415000Z",
"patch": {
"_id": null,
"data": [
{
"title": "[SECURITY] [DLA 2192-1] ruby2.1 security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
},
{
"title": "FEDORA-2020-26df92331a",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"
},
{
"title": "FEDORA-2020-a95706b117",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"
},
{
"title": "FEDORA-2020-d171bf636d",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"
},
{
"title": "openSUSE-SU-2020:0586-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
},
{
"title": "CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix)",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
},
{
"title": "Red Hat: Moderate: pcs security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202473 - Security Advisory"
},
{
"title": "Red Hat: Moderate: pcs security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202670 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4721-1 ruby2.5 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5216eb40be88e11afae842c5a0cad903"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1426",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1426"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1423",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1423"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1416",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1416"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1641",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1641"
},
{
"title": "Red Hat: Important: ruby:2.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220582 - Security Advisory"
},
{
"title": "Red Hat: Important: ruby:2.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220581 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1422",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1422"
},
{
"title": "Amazon Linux 2: ALASRUBY2.6-2023-007",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASRUBY2.6-2023-007"
},
{
"title": "mandrill-api-ruby",
"trust": 0.1,
"url": "https://github.com/CareerJSM/mandrill-api-ruby "
},
{
"title": "gem mandrill-api",
"trust": 0.1,
"url": "https://github.com/szmo/mandrill-api-updated "
},
{
"title": "mandrill-api-ruby",
"trust": 0.1,
"url": "https://github.com/retailzipline/mandrill-api-ruby "
},
{
"title": "Workaround for CVE-2020-10663 (vulnerability in json gem)",
"trust": 0.1,
"url": "https://github.com/rails-lts/json_cve_2020_10663 "
},
{
"title": "gem mandrill-api",
"trust": 0.1,
"url": "https://github.com/getaway-house/gem-mandrill-api "
},
{
"title": "CodeQuality",
"trust": 0.1,
"url": "https://github.com/rainchen/code_quality "
},
{
"title": "https://github.com/francois/bundler-slowness-repro",
"trust": 0.1,
"url": "https://github.com/francois/bundler-slowness-repro "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10663"
},
{
"trust": 1.3,
"url": "https://www.debian.org/security/2020/dsa-4721"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht211931"
},
{
"trust": 1.2,
"url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2020/dec/32"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ql6mjd2bo4irj5cjfnmcdymqqft24bj/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nk2pbxwmfrud7u7q7lhv4kylyid77ri4/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4tnvtt66vprmx5uzysdgsvrxkkdddu5/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10663"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10663"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10933"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10933"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15845"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-25613"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-16255"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-16201"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-16254"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16254"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-15845"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16201"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-28965"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28965"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16255"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25613"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2473"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ql6mjd2bo4irj5cjfnmcdymqqft24bj/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4tnvtt66vprmx5uzysdgsvrxkkdddu5/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nk2pbxwmfrud7u7q7lhv4kylyid77ri4/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/careerjsm/mandrill-api-ruby"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/ruby2.5"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.7_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32066"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0581"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32066"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6206172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41819"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "PACKETSTORM",
"id": "168868"
},
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "158184"
},
{
"db": "PACKETSTORM",
"id": "158023"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166070"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163164",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-10663",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168868",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162764",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163317",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162953",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158184",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158023",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158018",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166070",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10663",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-163164",
"ident": null
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10663",
"ident": null
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168868",
"ident": null
},
{
"date": "2021-05-25T14:44:09",
"db": "PACKETSTORM",
"id": "162764",
"ident": null
},
{
"date": "2021-06-30T15:20:46",
"db": "PACKETSTORM",
"id": "163317",
"ident": null
},
{
"date": "2021-06-03T15:13:27",
"db": "PACKETSTORM",
"id": "162953",
"ident": null
},
{
"date": "2020-06-23T15:00:55",
"db": "PACKETSTORM",
"id": "158184",
"ident": null
},
{
"date": "2020-06-10T15:13:03",
"db": "PACKETSTORM",
"id": "158023",
"ident": null
},
{
"date": "2020-06-10T15:10:17",
"db": "PACKETSTORM",
"id": "158018",
"ident": null
},
{
"date": "2022-02-21T15:09:47",
"db": "PACKETSTORM",
"id": "166070",
"ident": null
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005087",
"ident": null
},
{
"date": "2020-04-28T21:15:11.667000",
"db": "NVD",
"id": "CVE-2020-10663",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-163164",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10663",
"ident": null
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005087",
"ident": null
},
{
"date": "2024-11-21T04:55:47.670000",
"db": "NVD",
"id": "CVE-2020-10663",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "JSON gem Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "spoof, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "166070"
}
],
"trust": 0.1
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.