Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 18.04 LTS: USN-4560-1 Critical: Gon Gem XSS Threat

ubuntu
Calendar Grey September 30, 2020
Dist Ubuntu Esm H88
A significant vulnerability in the Gon gem permits the execution of scripts through specially designed network messages. Apply an update to protect against CSRF attacks.
Gon gem could be made to run programs if it received specially crafted network traffic.

Summary

Gon gem could be made to run programs if it received specially crafted network

traffic.

Software Description:

- ruby-gon: Ruby library to send data to JavaScript from a Ruby application

Details:

It was discovered that Gon gem did not properly escape certain input. An

attacker could use this vulnerability to execute a cross-site scripting

(XSS) attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  ruby-gon                        6.1.0-1+deb9u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4560-1

CVE-2020-25739

Severity
critical
Lowest
Low
Medium
High
Critical

September 30, 2020

Package Information

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here