Advisories ยป MGASA-2020-0186

Updated ruby-json packages fix security vulnerability

Publication date: 05 May 2020
Modification date: 05 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10663

Description

Updated ruby-json packages fix security vulnerability:

In ruby-json before 2.3.0, there is an unsafe object creation vulnerability.
When parsing certain JSON documents, the json gem can be coerced into
creating arbitrary objects in the target system (CVE-2020-10663).
                

References

SRPMS

7/core