CVE-2020-10663
medium
CVSS v3
—
CVSS v4 NEW
—
VIR risk
5.5
Description
RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate)
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or, if you've already worked around this in production, publish your fix to the community-verified tier.
Propose a mitigation on Community. Mitigations published via the community go through AI scoring, 2 human reviewers and a 7-day silent objection window before landing here with source_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| rocky | 8 | fixed | |
| debian | bookworm | fixed | 2.3.0+dfsg-1 |
| debian | bullseye | fixed | 2.3.0+dfsg-1 |
| debian | forky | fixed | 2.3.0+dfsg-1 |
| debian | sid | fixed | 2.3.0+dfsg-1 |
| debian | trixie | fixed | 2.3.0+dfsg-1 |
| almalinux | 8 | fixed | rubygem-abrt-doc-0.3.0-4.module_el8.5.0+2623+08a8ba32.noarch.rpm |
| rhel | 8 | fixed | |
References
- https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
- https://www.suse.com/security/cve/CVE-2020-10663.html
- https://errata.rockylinux.org/RLSA-2021:2588
- https://errata.rockylinux.org/RLSA-2021:2587
- https://nvd.nist.gov/vuln/detail/CVE-2020-10663
- https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663
- https://www.debian.org/security/2020/dsa-4721
- https://support.apple.com/kb/HT211931
- https://security.netapp.com/advisory/ntap-20210129-0003
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ
- https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html
- https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml
- https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230
- https://github.com/flori/json
Community-verified mitigations for this CVE will appear above when contributors publish them.