gon 5.0.0

1 security vulnerability found in version 5.0.0

Gon gem lack of escaping certain input when outputting as JSON

medium severity CVE-2020-25739
medium severity CVE-2020-25739
Patched versions: >= 6.4.0

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

Gem version without a license.


Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.

This gem version is available.


This gem version has not been yanked and is still available for usage.