Open pboling opened 4 years ago
from bundle-audit:
bundle-audit
Name: json Version: 1.8.6 Advisory: CVE-2020-10663 Criticality: Unknown URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Solution: upgrade to >= 2.3.0
@grnhse Please loosen the dependency on httparty so that we can use this gem without the vulnerability. https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
httparty
from
bundle-audit
:@grnhse Please loosen the dependency on
httparty
so that we can use this gem without the vulnerability. https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/