gon 6.2.0
1 security vulnerability
found in version
6.2.0
Gon gem lack of escaping certain input when outputting as JSON
medium severity CVE-2020-25739
medium severity
CVE-2020-25739
Patched versions:
>= 6.4.0
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.