USN-4560-1: Gon gem vulnerability

Publication date

30 September 2020

Overview

Gon gem could be made to run programs if it received specially crafted network traffic.

Releases


Packages

  • ruby-gon - Ruby library to send data to JavaScript from a Ruby application

Details

It was discovered that Gon gem did not properly escape certain input. An
attacker could use this vulnerability to execute a cross-site scripting
(XSS) attack.

It was discovered that Gon gem did not properly escape certain input. An
attacker could use this vulnerability to execute a cross-site scripting
(XSS) attack.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic ruby-gon –  6.1.0-1+deb9u1build0.18.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›