Vulnerability-Lookup

VAR-202004-0061

Vulnerability from variot - Updated: 2025-12-22 22:10

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. An attacker could exploit this vulnerability to forcibly create arbitrary objects on the target system. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system.

CVE-2020-10933

Samuel Williams reported a flaw in the socket library which may lead
to exposure of possibly sensitive data from the interpreter.

For the stable distribution (buster), these problems have been fixed in version 2.5.5-3+deb10u2.

We recommend that you upgrade your ruby2.5 packages.

For the detailed security status of ruby2.5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby2.5

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8F5jVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RT1Q/9EmtF3l9EwsTqV0RaU0CvycnypEEHk0vahqwtDKe5m1j13RlbhU5PfeNm n8E4pzw30+zROL8vxrCBQbAkBLACJOD9GwnA1G5mUnga1m49+5TyHEfPTFDsZHZ7 XqWuIJiQpOaPAi9xlywyqxji8OHPND2NNtCF1xk3Mpfk/7Y5JNJjFPnQnprfB4Hf c8AMjgmjV4ElJ60ALpXQzP7snVs4S+LA+Qb2O7V05u8zW0ytiEGTJNKrdG/+Rkrm XKUrEwPJLOU9DlR1JDXD491tOSYGiQdS/vWNQsyGKArpdDbhAUOybWZinD6ZG0KR L7atC327+eNDhpIKcmS4jMRnoQwjmlgPK6m0YwF4mKmyL4lWKwqCddDnIfr7jRSq bW3esnLJatEJiUbcSLpuBn0qO5f6HYb1iRhXJDQlPsuySIjObkn+rim9Bvo0NOQZ SZx74Rv1KX/kYpU4KcZyoygRuuWzl3pPYRj5BYJOViDGIcSKay4w7oypLjSWg7b3 BQfKQ7MbIVIXLk27fS/mOKpG0uXM5cer7LGnZSovl+KQmgp4gBdtCpuzat7Jz3YI tJDwDSjfhUQu8Uew+6bnvDUJ+zFEp/fEly2ueZFSYkkPmWPMcaI3OIk/Q2dLt5ZX gC+Vad6gT/C2UBYZCxxcBTHOcAlImTQ/JPCQMOGrvZM6t7QouuA= =rTdk -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-ruby26-ruby security, bug fix, and enhancement update Advisory ID: RHSA-2021:2230-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2230 Issue date: 2021-06-03 CVE Names: CVE-2019-3881 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-10663 CVE-2020-10933 CVE-2020-25613 CVE-2021-28965 ==================================================================== 1. Summary:

An update for rh-ruby26-ruby is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: rh-ruby26-ruby (2.6.7). (BZ#1701182)

Security Fix(es):

rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881)
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

rh-ruby26-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhscl-3] (BZ#1950331)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Software Collections 3.7 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1651826 - CVE-2019-3881 rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code 1773728 - CVE-2019-16201 ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication 1789407 - CVE-2019-15845 ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? 1789556 - CVE-2019-16254 ruby: HTTP response splitting in WEBrick 1793683 - CVE-2019-16255 ruby: Code injection via command argument of Shell#test / Shell#[] 1827500 - CVE-2020-10663 rubygem-json: Unsafe object creation vulnerability in JSON 1833291 - CVE-2020-10933 ruby: BasicSocket#read_nonblock method leads to information disclosure 1883623 - CVE-2020-25613 ruby: Potential HTTP request smuggling in WEBrick 1947526 - CVE-2021-28965 ruby: XML round-trip vulnerability in REXML 1950331 - rh-ruby26-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhscl-3]

Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-ruby26-ruby-2.6.7-119.el7.src.rpm

noarch: rh-ruby26-ruby-doc-2.6.7-119.el7.noarch.rpm rh-ruby26-rubygem-bundler-1.17.2-119.el7.noarch.rpm rh-ruby26-rubygem-did_you_mean-1.3.0-119.el7.noarch.rpm rh-ruby26-rubygem-irb-1.0.0-119.el7.noarch.rpm rh-ruby26-rubygem-minitest-5.11.3-119.el7.noarch.rpm rh-ruby26-rubygem-net-telnet-0.2.0-119.el7.noarch.rpm rh-ruby26-rubygem-power_assert-1.1.3-119.el7.noarch.rpm rh-ruby26-rubygem-rake-12.3.3-119.el7.noarch.rpm rh-ruby26-rubygem-rdoc-6.1.2-119.el7.noarch.rpm rh-ruby26-rubygem-test-unit-3.2.9-119.el7.noarch.rpm rh-ruby26-rubygem-xmlrpc-0.3.0-119.el7.noarch.rpm rh-ruby26-rubygems-3.0.3.1-119.el7.noarch.rpm rh-ruby26-rubygems-devel-3.0.3.1-119.el7.noarch.rpm

ppc64le: rh-ruby26-ruby-2.6.7-119.el7.ppc64le.rpm rh-ruby26-ruby-debuginfo-2.6.7-119.el7.ppc64le.rpm rh-ruby26-ruby-devel-2.6.7-119.el7.ppc64le.rpm rh-ruby26-ruby-libs-2.6.7-119.el7.ppc64le.rpm rh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.ppc64le.rpm rh-ruby26-rubygem-io-console-0.4.7-119.el7.ppc64le.rpm rh-ruby26-rubygem-json-2.1.0-119.el7.ppc64le.rpm rh-ruby26-rubygem-openssl-2.1.2-119.el7.ppc64le.rpm rh-ruby26-rubygem-psych-3.1.0-119.el7.ppc64le.rpm

s390x: rh-ruby26-ruby-2.6.7-119.el7.s390x.rpm rh-ruby26-ruby-debuginfo-2.6.7-119.el7.s390x.rpm rh-ruby26-ruby-devel-2.6.7-119.el7.s390x.rpm rh-ruby26-ruby-libs-2.6.7-119.el7.s390x.rpm rh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.s390x.rpm rh-ruby26-rubygem-io-console-0.4.7-119.el7.s390x.rpm rh-ruby26-rubygem-json-2.1.0-119.el7.s390x.rpm rh-ruby26-rubygem-openssl-2.1.2-119.el7.s390x.rpm rh-ruby26-rubygem-psych-3.1.0-119.el7.s390x.rpm

x86_64: rh-ruby26-ruby-2.6.7-119.el7.x86_64.rpm rh-ruby26-ruby-debuginfo-2.6.7-119.el7.x86_64.rpm rh-ruby26-ruby-devel-2.6.7-119.el7.x86_64.rpm rh-ruby26-ruby-libs-2.6.7-119.el7.x86_64.rpm rh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.x86_64.rpm rh-ruby26-rubygem-io-console-0.4.7-119.el7.x86_64.rpm rh-ruby26-rubygem-json-2.1.0-119.el7.x86_64.rpm rh-ruby26-rubygem-openssl-2.1.2-119.el7.x86_64.rpm rh-ruby26-rubygem-psych-3.1.0-119.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-ruby26-ruby-2.6.7-119.el7.src.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-ruby26-ruby-2.6.7-119.el7.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2019-3881 https://access.redhat.com/security/cve/CVE-2019-15845 https://access.redhat.com/security/cve/CVE-2019-16201 https://access.redhat.com/security/cve/CVE-2019-16254 https://access.redhat.com/security/cve/CVE-2019-16255 https://access.redhat.com/security/cve/CVE-2020-10663 https://access.redhat.com/security/cve/CVE-2020-10933 https://access.redhat.com/security/cve/CVE-2020-25613 https://access.redhat.com/security/cve/CVE-2021-28965 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.7_release_notes/

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYLi8ltzjgjWX9erEAQi7IA/8C86NMaSfOxaQEY15WzNUFZtcT0OfDkBo KMT5uuXXcwj+rpJGF6kqAAW9chI/HVNshKYXXpOeByffFW+5KLlRB1G6mw9LiOIc SZHX1BhK6dxObWtnPQcqE0JDhb16+sb0GQY3+70szm0iMtFjRiwzNTGHy/T6S+nr poCvsrg/5/mPvKtV32x80T6a5sJxFsW5siYfv1DJeoH7LGnBLkAU4vRCJ3IBdQaX yeEAhx6QjKQG6xfB2YD2SsNliALYId1ytKQcs0IgCsk9IuVOX+Vl1cKU/GFrGp8a UVbTap6gb10YrclTz5ssDlE4NXXPFOx4nX8wI4QxeNam2Sy3tD0uhfgGaN5OdXiz CJZnwE/qIaxzzNMf0TdXaAtYZ7InEr6xjBlc5ncInvI0aQaiDWLKL6odgrLkfboa a+0leBVx3FeREY//WMw5LT1mRzqsnYaK3qT9C6tfxF/NTBFmZmVmJmbC6PiTZWfK T5KjjZJpmbIo1JvjIaWzWCZT8dDhoxSvNWk0CefLlI3/SsUyCURfjmJc7zpbNmzJ l0jIG9kjHVriRjhoWUWBzY7z7QkGx+tU0KYKB1Kx+J1BDXMdLaeJ7ubJIJRBQ4F/ A+75BfTYoxEHjF171or+rIGkOGadwCerTggyNuFi8aQSk4KWmROCFUoiYbEtYxp4 UD6NGAugxlg=k+Dm -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

Bug Fix(es):

[GUI] Colocation constraint can't be added (BZ#1840157)
8) - ppc64le, s390x, x86_64
Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Bug Fix(es):

pcs status on remotes is not working on rhel8.2 any longer (BZ#1832914)
pcs cluster stop --all throws errors and doesn't seem to honor the request-timeout option (BZ#1838084)
[GUI] Colocation constraint can't be added (BZ#1840158)
Bugs fixed (https://bugzilla.redhat.com/):

1827500 - CVE-2020-10663 rubygem-json: Unsafe Object Creation Vulnerability in JSON 1832914 - pcs status on remotes is not working on rhel8.2 any longer [rhel-8.2.0.z] 1838084 - pcs cluster stop --all throws errors and doesn't seem to honor the request-timeout option [rhel-8.2.0.z] 1840158 - [GUI] Colocation constraint can't be added [rhel-8.2.0.z]

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0061",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "json",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "json",
        "version": "2.2.0"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "json",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "json",
        "version": "2.2.0"
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:fedoraproject:fedora",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:json_project:json",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:opensuse_project:leap",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163317"
      },
      {
        "db": "PACKETSTORM",
        "id": "162953"
      },
      {
        "db": "PACKETSTORM",
        "id": "158184"
      },
      {
        "db": "PACKETSTORM",
        "id": "158023"
      },
      {
        "db": "PACKETSTORM",
        "id": "166075"
      },
      {
        "db": "PACKETSTORM",
        "id": "166070"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-10663",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-10663",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005087",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-163164",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-10663",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005087",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-10663",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-005087",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "VULHUB",
            "id": "VHN-163164",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-10663",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. An attacker could exploit this vulnerability to forcibly create arbitrary objects on the target system. When parsing certain JSON documents, the\n    json gem can be coerced into creating arbitrary objects in the\n    target system. \n\nCVE-2020-10933\n\n    Samuel Williams reported a flaw in the socket library which may lead\n    to exposure of possibly sensitive data from the interpreter. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.5.5-3+deb10u2. \n\nWe recommend that you upgrade your ruby2.5 packages. \n\nFor the detailed security status of ruby2.5 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/ruby2.5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8F5jVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RT1Q/9EmtF3l9EwsTqV0RaU0CvycnypEEHk0vahqwtDKe5m1j13RlbhU5PfeNm\nn8E4pzw30+zROL8vxrCBQbAkBLACJOD9GwnA1G5mUnga1m49+5TyHEfPTFDsZHZ7\nXqWuIJiQpOaPAi9xlywyqxji8OHPND2NNtCF1xk3Mpfk/7Y5JNJjFPnQnprfB4Hf\nc8AMjgmjV4ElJ60ALpXQzP7snVs4S+LA+Qb2O7V05u8zW0ytiEGTJNKrdG/+Rkrm\nXKUrEwPJLOU9DlR1JDXD491tOSYGiQdS/vWNQsyGKArpdDbhAUOybWZinD6ZG0KR\nL7atC327+eNDhpIKcmS4jMRnoQwjmlgPK6m0YwF4mKmyL4lWKwqCddDnIfr7jRSq\nbW3esnLJatEJiUbcSLpuBn0qO5f6HYb1iRhXJDQlPsuySIjObkn+rim9Bvo0NOQZ\nSZx74Rv1KX/kYpU4KcZyoygRuuWzl3pPYRj5BYJOViDGIcSKay4w7oypLjSWg7b3\nBQfKQ7MbIVIXLk27fS/mOKpG0uXM5cer7LGnZSovl+KQmgp4gBdtCpuzat7Jz3YI\ntJDwDSjfhUQu8Uew+6bnvDUJ+zFEp/fEly2ueZFSYkkPmWPMcaI3OIk/Q2dLt5ZX\ngC+Vad6gT/C2UBYZCxxcBTHOcAlImTQ/JPCQMOGrvZM6t7QouuA=\n=rTdk\n-----END PGP SIGNATURE-----\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-ruby26-ruby security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2021:2230-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2230\nIssue date:        2021-06-03\nCVE Names:         CVE-2019-3881 CVE-2019-15845 CVE-2019-16201\n                   CVE-2019-16254 CVE-2019-16255 CVE-2020-10663\n                   CVE-2020-10933 CVE-2020-25613 CVE-2021-28965\n====================================================================\n1. Summary:\n\nAn update for rh-ruby26-ruby is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to perform system management tasks. \n\nThe following packages have been upgraded to a later upstream version:\nrh-ruby26-ruby (2.6.7). (BZ#1701182)\n\nSecurity Fix(es):\n\n* rubygem-bundler: Insecure permissions on directory in /tmp/ allows for\nexecution of malicious code (CVE-2019-3881)\n\n* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?\n(CVE-2019-15845)\n\n* ruby: Regular expression denial of service vulnerability of WEBrick\u0027s\nDigest authentication (CVE-2019-16201)\n\n* ruby: Code injection via command argument of Shell#test / Shell#[]\n(CVE-2019-16255)\n\n* rubygem-json: Unsafe object creation vulnerability in JSON\n(CVE-2020-10663)\n\n* ruby: BasicSocket#read_nonblock method leads to information disclosure\n(CVE-2020-10933)\n\n* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)\n\n* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)\n\n* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-ruby26-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are\ngiven and address contains leading zero [rhscl-3] (BZ#1950331)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nSoftware Collections 3.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1651826 - CVE-2019-3881 rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code\n1773728 - CVE-2019-16201 ruby: Regular expression denial of service vulnerability of WEBrick\u0027s Digest authentication\n1789407 - CVE-2019-15845 ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?\n1789556 - CVE-2019-16254 ruby: HTTP response splitting in WEBrick\n1793683 - CVE-2019-16255 ruby: Code injection via command argument of Shell#test / Shell#[]\n1827500 - CVE-2020-10663 rubygem-json: Unsafe object creation vulnerability in JSON\n1833291 - CVE-2020-10933 ruby: BasicSocket#read_nonblock method leads to information disclosure\n1883623 - CVE-2020-25613 ruby: Potential HTTP request smuggling in WEBrick\n1947526 - CVE-2021-28965 ruby: XML round-trip vulnerability in REXML\n1950331 - rh-ruby26-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhscl-3]\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-ruby26-ruby-2.6.7-119.el7.src.rpm\n\nnoarch:\nrh-ruby26-ruby-doc-2.6.7-119.el7.noarch.rpm\nrh-ruby26-rubygem-bundler-1.17.2-119.el7.noarch.rpm\nrh-ruby26-rubygem-did_you_mean-1.3.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-irb-1.0.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-minitest-5.11.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-net-telnet-0.2.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-power_assert-1.1.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-rake-12.3.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-rdoc-6.1.2-119.el7.noarch.rpm\nrh-ruby26-rubygem-test-unit-3.2.9-119.el7.noarch.rpm\nrh-ruby26-rubygem-xmlrpc-0.3.0-119.el7.noarch.rpm\nrh-ruby26-rubygems-3.0.3.1-119.el7.noarch.rpm\nrh-ruby26-rubygems-devel-3.0.3.1-119.el7.noarch.rpm\n\nppc64le:\nrh-ruby26-ruby-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-ruby-debuginfo-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-ruby-devel-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-ruby-libs-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-io-console-0.4.7-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-json-2.1.0-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-openssl-2.1.2-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-psych-3.1.0-119.el7.ppc64le.rpm\n\ns390x:\nrh-ruby26-ruby-2.6.7-119.el7.s390x.rpm\nrh-ruby26-ruby-debuginfo-2.6.7-119.el7.s390x.rpm\nrh-ruby26-ruby-devel-2.6.7-119.el7.s390x.rpm\nrh-ruby26-ruby-libs-2.6.7-119.el7.s390x.rpm\nrh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.s390x.rpm\nrh-ruby26-rubygem-io-console-0.4.7-119.el7.s390x.rpm\nrh-ruby26-rubygem-json-2.1.0-119.el7.s390x.rpm\nrh-ruby26-rubygem-openssl-2.1.2-119.el7.s390x.rpm\nrh-ruby26-rubygem-psych-3.1.0-119.el7.s390x.rpm\n\nx86_64:\nrh-ruby26-ruby-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-debuginfo-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-devel-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-libs-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.x86_64.rpm\nrh-ruby26-rubygem-io-console-0.4.7-119.el7.x86_64.rpm\nrh-ruby26-rubygem-json-2.1.0-119.el7.x86_64.rpm\nrh-ruby26-rubygem-openssl-2.1.2-119.el7.x86_64.rpm\nrh-ruby26-rubygem-psych-3.1.0-119.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-ruby26-ruby-2.6.7-119.el7.src.rpm\n\nnoarch:\nrh-ruby26-ruby-doc-2.6.7-119.el7.noarch.rpm\nrh-ruby26-rubygem-bundler-1.17.2-119.el7.noarch.rpm\nrh-ruby26-rubygem-did_you_mean-1.3.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-irb-1.0.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-minitest-5.11.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-net-telnet-0.2.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-power_assert-1.1.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-rake-12.3.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-rdoc-6.1.2-119.el7.noarch.rpm\nrh-ruby26-rubygem-test-unit-3.2.9-119.el7.noarch.rpm\nrh-ruby26-rubygem-xmlrpc-0.3.0-119.el7.noarch.rpm\nrh-ruby26-rubygems-3.0.3.1-119.el7.noarch.rpm\nrh-ruby26-rubygems-devel-3.0.3.1-119.el7.noarch.rpm\n\nppc64le:\nrh-ruby26-ruby-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-ruby-debuginfo-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-ruby-devel-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-ruby-libs-2.6.7-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-io-console-0.4.7-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-json-2.1.0-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-openssl-2.1.2-119.el7.ppc64le.rpm\nrh-ruby26-rubygem-psych-3.1.0-119.el7.ppc64le.rpm\n\ns390x:\nrh-ruby26-ruby-2.6.7-119.el7.s390x.rpm\nrh-ruby26-ruby-debuginfo-2.6.7-119.el7.s390x.rpm\nrh-ruby26-ruby-devel-2.6.7-119.el7.s390x.rpm\nrh-ruby26-ruby-libs-2.6.7-119.el7.s390x.rpm\nrh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.s390x.rpm\nrh-ruby26-rubygem-io-console-0.4.7-119.el7.s390x.rpm\nrh-ruby26-rubygem-json-2.1.0-119.el7.s390x.rpm\nrh-ruby26-rubygem-openssl-2.1.2-119.el7.s390x.rpm\nrh-ruby26-rubygem-psych-3.1.0-119.el7.s390x.rpm\n\nx86_64:\nrh-ruby26-ruby-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-debuginfo-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-devel-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-libs-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.x86_64.rpm\nrh-ruby26-rubygem-io-console-0.4.7-119.el7.x86_64.rpm\nrh-ruby26-rubygem-json-2.1.0-119.el7.x86_64.rpm\nrh-ruby26-rubygem-openssl-2.1.2-119.el7.x86_64.rpm\nrh-ruby26-rubygem-psych-3.1.0-119.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-ruby26-ruby-2.6.7-119.el7.src.rpm\n\nnoarch:\nrh-ruby26-ruby-doc-2.6.7-119.el7.noarch.rpm\nrh-ruby26-rubygem-bundler-1.17.2-119.el7.noarch.rpm\nrh-ruby26-rubygem-did_you_mean-1.3.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-irb-1.0.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-minitest-5.11.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-net-telnet-0.2.0-119.el7.noarch.rpm\nrh-ruby26-rubygem-power_assert-1.1.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-rake-12.3.3-119.el7.noarch.rpm\nrh-ruby26-rubygem-rdoc-6.1.2-119.el7.noarch.rpm\nrh-ruby26-rubygem-test-unit-3.2.9-119.el7.noarch.rpm\nrh-ruby26-rubygem-xmlrpc-0.3.0-119.el7.noarch.rpm\nrh-ruby26-rubygems-3.0.3.1-119.el7.noarch.rpm\nrh-ruby26-rubygems-devel-3.0.3.1-119.el7.noarch.rpm\n\nx86_64:\nrh-ruby26-ruby-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-debuginfo-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-devel-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-ruby-libs-2.6.7-119.el7.x86_64.rpm\nrh-ruby26-rubygem-bigdecimal-1.4.1-119.el7.x86_64.rpm\nrh-ruby26-rubygem-io-console-0.4.7-119.el7.x86_64.rpm\nrh-ruby26-rubygem-json-2.1.0-119.el7.x86_64.rpm\nrh-ruby26-rubygem-openssl-2.1.2-119.el7.x86_64.rpm\nrh-ruby26-rubygem-psych-3.1.0-119.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-3881\nhttps://access.redhat.com/security/cve/CVE-2019-15845\nhttps://access.redhat.com/security/cve/CVE-2019-16201\nhttps://access.redhat.com/security/cve/CVE-2019-16254\nhttps://access.redhat.com/security/cve/CVE-2019-16255\nhttps://access.redhat.com/security/cve/CVE-2020-10663\nhttps://access.redhat.com/security/cve/CVE-2020-10933\nhttps://access.redhat.com/security/cve/CVE-2020-25613\nhttps://access.redhat.com/security/cve/CVE-2021-28965\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.7_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYLi8ltzjgjWX9erEAQi7IA/8C86NMaSfOxaQEY15WzNUFZtcT0OfDkBo\nKMT5uuXXcwj+rpJGF6kqAAW9chI/HVNshKYXXpOeByffFW+5KLlRB1G6mw9LiOIc\nSZHX1BhK6dxObWtnPQcqE0JDhb16+sb0GQY3+70szm0iMtFjRiwzNTGHy/T6S+nr\npoCvsrg/5/mPvKtV32x80T6a5sJxFsW5siYfv1DJeoH7LGnBLkAU4vRCJ3IBdQaX\nyeEAhx6QjKQG6xfB2YD2SsNliALYId1ytKQcs0IgCsk9IuVOX+Vl1cKU/GFrGp8a\nUVbTap6gb10YrclTz5ssDlE4NXXPFOx4nX8wI4QxeNam2Sy3tD0uhfgGaN5OdXiz\nCJZnwE/qIaxzzNMf0TdXaAtYZ7InEr6xjBlc5ncInvI0aQaiDWLKL6odgrLkfboa\na+0leBVx3FeREY//WMw5LT1mRzqsnYaK3qT9C6tfxF/NTBFmZmVmJmbC6PiTZWfK\nT5KjjZJpmbIo1JvjIaWzWCZT8dDhoxSvNWk0CefLlI3/SsUyCURfjmJc7zpbNmzJ\nl0jIG9kjHVriRjhoWUWBzY7z7QkGx+tU0KYKB1Kx+J1BDXMdLaeJ7ubJIJRBQ4F/\nA+75BfTYoxEHjF171or+rIGkOGadwCerTggyNuFi8aQSk4KWmROCFUoiYbEtYxp4\nUD6NGAugxlg=k+Dm\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug Fix(es):\n\n* [GUI] Colocation constraint can\u0027t be added (BZ#1840157)\n\n4. 8) - ppc64le, s390x, x86_64\n\n3. Description:\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities. \n\nBug Fix(es):\n\n* pcs status on remotes is not working on rhel8.2 any longer (BZ#1832914)\n\n* pcs cluster stop --all throws errors and doesn\u0027t seem to honor the\nrequest-timeout option (BZ#1838084)\n\n* [GUI] Colocation constraint can\u0027t be added (BZ#1840158)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1827500 - CVE-2020-10663 rubygem-json: Unsafe Object Creation Vulnerability in JSON\n1832914 - pcs status on remotes is not working on rhel8.2 any longer [rhel-8.2.0.z]\n1838084 - pcs cluster stop --all throws errors and doesn\u0027t seem to honor the request-timeout option [rhel-8.2.0.z]\n1840158 - [GUI] Colocation constraint can\u0027t be added [rhel-8.2.0.z]\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "db": "PACKETSTORM",
        "id": "168868"
      },
      {
        "db": "PACKETSTORM",
        "id": "163317"
      },
      {
        "db": "PACKETSTORM",
        "id": "162953"
      },
      {
        "db": "PACKETSTORM",
        "id": "158184"
      },
      {
        "db": "PACKETSTORM",
        "id": "158023"
      },
      {
        "db": "PACKETSTORM",
        "id": "166075"
      },
      {
        "db": "PACKETSTORM",
        "id": "166070"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-163164",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-10663",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163317",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "158023",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "158184",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "162953",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "161870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160545",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162764",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163318",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158018",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32355",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1294",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-163164",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10663",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168868",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166075",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166070",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "db": "PACKETSTORM",
        "id": "168868"
      },
      {
        "db": "PACKETSTORM",
        "id": "163317"
      },
      {
        "db": "PACKETSTORM",
        "id": "162953"
      },
      {
        "db": "PACKETSTORM",
        "id": "158184"
      },
      {
        "db": "PACKETSTORM",
        "id": "158023"
      },
      {
        "db": "PACKETSTORM",
        "id": "166075"
      },
      {
        "db": "PACKETSTORM",
        "id": "166070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "id": "VAR-202004-0061",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-12-22T22:10:11.211000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 2192-1] ruby2.1 security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
      },
      {
        "title": "FEDORA-2020-26df92331a",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"
      },
      {
        "title": "FEDORA-2020-a95706b117",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"
      },
      {
        "title": "FEDORA-2020-d171bf636d",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"
      },
      {
        "title": "openSUSE-SU-2020:0586-1",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
      },
      {
        "title": "CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix)",
        "trust": 0.8,
        "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
      },
      {
        "title": "Red Hat: Moderate: pcs security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202473 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: pcs security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202670 - Security Advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4721-1 ruby2.5 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5216eb40be88e11afae842c5a0cad903"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1426",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1426"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1423",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1423"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1416",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1416"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1641",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1641"
      },
      {
        "title": "Red Hat: Important: ruby:2.6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220582 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: ruby:2.6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220581 - Security Advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1422",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1422"
      },
      {
        "title": "Amazon Linux 2: ALASRUBY2.6-2023-007",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASRUBY2.6-2023-007"
      },
      {
        "title": "mandrill-api-ruby",
        "trust": 0.1,
        "url": "https://github.com/CareerJSM/mandrill-api-ruby "
      },
      {
        "title": "gem mandrill-api",
        "trust": 0.1,
        "url": "https://github.com/szmo/mandrill-api-updated "
      },
      {
        "title": "mandrill-api-ruby",
        "trust": 0.1,
        "url": "https://github.com/retailzipline/mandrill-api-ruby "
      },
      {
        "title": "Workaround for CVE-2020-10663 (vulnerability in json gem)",
        "trust": 0.1,
        "url": "https://github.com/rails-lts/json_cve_2020_10663 "
      },
      {
        "title": "gem mandrill-api",
        "trust": 0.1,
        "url": "https://github.com/getaway-house/gem-mandrill-api "
      },
      {
        "title": "CodeQuality",
        "trust": 0.1,
        "url": "https://github.com/rainchen/code_quality "
      },
      {
        "title": "https://github.com/francois/bundler-slowness-repro",
        "trust": 0.1,
        "url": "https://github.com/francois/bundler-slowness-repro "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/POC "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000S/PoC-in-GitHub "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/PoC-in-GitHub "
      },
      {
        "title": "veracode-container-security-finding-parser",
        "trust": 0.1,
        "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/0xT11/CVE-POC "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10663"
      },
      {
        "trust": 1.3,
        "url": "https://www.debian.org/security/2020/dsa-4721"
      },
      {
        "trust": 1.2,
        "url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/kb/ht211931"
      },
      {
        "trust": 1.2,
        "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
      },
      {
        "trust": 1.2,
        "url": "http://seclists.org/fulldisclosure/2020/dec/32"
      },
      {
        "trust": 1.2,
        "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ql6mjd2bo4irj5cjfnmcdymqqft24bj/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nk2pbxwmfrud7u7q7lhv4kylyid77ri4/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4tnvtt66vprmx5uzysdgsvrxkkdddu5/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3cdev.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10663"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-10663"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10933"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-10933"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15845"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-25613"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-16255"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-16201"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-16254"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16254"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-15845"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16201"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-28965"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28965"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16255"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25613"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36327"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-32066"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41817"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31810"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31810"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32066"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-31799"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/6206172"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36327"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41819"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41817"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41819"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ql6mjd2bo4irj5cjfnmcdymqqft24bj/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4tnvtt66vprmx5uzysdgsvrxkkdddu5/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nk2pbxwmfrud7u7q7lhv4kylyid77ri4/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3cdev.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3cissues.zookeeper.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2473"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/careerjsm/mandrill-api-ruby"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/ruby2.5"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2587"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.7_release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2670"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0582"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0581"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "db": "PACKETSTORM",
        "id": "168868"
      },
      {
        "db": "PACKETSTORM",
        "id": "163317"
      },
      {
        "db": "PACKETSTORM",
        "id": "162953"
      },
      {
        "db": "PACKETSTORM",
        "id": "158184"
      },
      {
        "db": "PACKETSTORM",
        "id": "158023"
      },
      {
        "db": "PACKETSTORM",
        "id": "166075"
      },
      {
        "db": "PACKETSTORM",
        "id": "166070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "db": "PACKETSTORM",
        "id": "168868"
      },
      {
        "db": "PACKETSTORM",
        "id": "163317"
      },
      {
        "db": "PACKETSTORM",
        "id": "162953"
      },
      {
        "db": "PACKETSTORM",
        "id": "158184"
      },
      {
        "db": "PACKETSTORM",
        "id": "158023"
      },
      {
        "db": "PACKETSTORM",
        "id": "166075"
      },
      {
        "db": "PACKETSTORM",
        "id": "166070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "date": "2020-04-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168868"
      },
      {
        "date": "2021-06-30T15:20:46",
        "db": "PACKETSTORM",
        "id": "163317"
      },
      {
        "date": "2021-06-03T15:13:27",
        "db": "PACKETSTORM",
        "id": "162953"
      },
      {
        "date": "2020-06-23T15:00:55",
        "db": "PACKETSTORM",
        "id": "158184"
      },
      {
        "date": "2020-06-10T15:13:03",
        "db": "PACKETSTORM",
        "id": "158023"
      },
      {
        "date": "2022-02-21T15:17:19",
        "db": "PACKETSTORM",
        "id": "166075"
      },
      {
        "date": "2022-02-21T15:09:47",
        "db": "PACKETSTORM",
        "id": "166070"
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "date": "2020-04-28T21:15:11.667000",
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163164"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-10663"
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      },
      {
        "date": "2024-11-21T04:55:47.670000",
        "db": "NVD",
        "id": "CVE-2020-10663"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JSON gem Input verification vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005087"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "spoof, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166075"
      },
      {
        "db": "PACKETSTORM",
        "id": "166070"
      }
    ],
    "trust": 0.2
  }
}

CVE-2020-10663 (GCVE-0-2020-10663)

Vulnerability from cvelistv5 – Published: 2020-04-28 20:58 – Updated: 2024-08-04 11:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.ruby-lang.org/en/news/2020/03/19/json…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://www.debian.org/security/2020/dsa-4721	vendor-advisoryx_refsource_DEBIAN
	https://lists.apache.org/thread.html/r8d2e174230f…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd9b9cc843f5…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ree3abcd33c0…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb023d54a46d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb2b98191244…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r5f17bfca1d6…	mailing-listx_refsource_MLIST
	https://support.apple.com/kb/HT211931	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2020/Dec/32	mailing-listx_refsource_FULLDISC
	https://lists.apache.org/thread.html/rec8bb4d637b…	mailing-listx_refsource_MLIST
	https://security.netapp.com/advisory/ntap-2021012…	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/r37c0e1807da…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r3b04f4e99a1…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
          },
          {
            "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2192-1] ruby2.1 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0586",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
          },
          {
            "name": "FEDORA-2020-26df92331a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"
          },
          {
            "name": "FEDORA-2020-d171bf636d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"
          },
          {
            "name": "FEDORA-2020-a95706b117",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"
          },
          {
            "name": "DSA-4721",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4721"
          },
          {
            "name": "[zookeeper-dev] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT211931"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
          },
          {
            "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
          },
          {
            "name": "[zookeeper-issues] 20210404 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210404 [jira] [Assigned] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-04T06:07:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
        },
        {
          "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2192-1] ruby2.1 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
        },
        {
          "name": "openSUSE-SU-2020:0586",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
        },
        {
          "name": "FEDORA-2020-26df92331a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"
        },
        {
          "name": "FEDORA-2020-d171bf636d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"
        },
        {
          "name": "FEDORA-2020-a95706b117",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"
        },
        {
          "name": "DSA-4721",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4721"
        },
        {
          "name": "[zookeeper-dev] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT211931"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
        },
        {
          "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
        },
        {
          "name": "[zookeeper-issues] 20210404 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210404 [jira] [Assigned] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/",
              "refsource": "CONFIRM",
              "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
            },
            {
              "name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2192-1] ruby2.1 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0586",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
            },
            {
              "name": "FEDORA-2020-26df92331a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"
            },
            {
              "name": "FEDORA-2020-d171bf636d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"
            },
            {
              "name": "FEDORA-2020-a95706b117",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"
            },
            {
              "name": "DSA-4721",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4721"
            },
            {
              "name": "[zookeeper-dev] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://support.apple.com/kb/HT211931",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT211931"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
            },
            {
              "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210129-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
            },
            {
              "name": "[zookeeper-issues] 20210404 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210404 [jira] [Assigned] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10663",
    "datePublished": "2020-04-28T20:58:30",
    "dateReserved": "2020-03-18T00:00:00",
    "dateUpdated": "2024-08-04T11:06:10.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202004-0061

CVE-2020-10663 (GCVE-0-2020-10663)

Tags

Sightings

Nomenclature