CVE-2020-25739
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-25739
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25739.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-25739
- Aliases
- Downstream
- Published
- 2020-09-23T14:15:12Z
- Modified
- 2025-09-19T12:12:16.618477Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson.
- References
Affected packages
Git / github.com/gazay/gon
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gazay/gon
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.1.1
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.2
v2.2.0
v2.2.2
v2.3.0
v3.*
v3.0.0
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v4.*
v4.0.0beta
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v5.*
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.1
v5.1.2
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v6.*
v6.0.0
v6.0.1
v6.1.0
v6.2.0
v6.2.1
v6.3.1
v6.3.2