Vulnerablity issue CVE-2020-10663

Question

Vulnerablity issue CVE-2020-10663

Closed this issue 4 years ago · 3 comments

hi,

Hi,
One vulnerability is reported on json-2.0.4 - CVE-2020-10663
So what is the recommendation? Is this vulnerability really applicable?

Answer 1 · 2020-08-26T20:15:38.000Z

No problem because latest td-agent 3/4 doesn't have this problem.

Answer 2 · 2020-08-27T05:02:11.000Z

we are using td-agent 3.8.0

Answer 3 · 2020-08-27T05:07:35.000Z

You know td-agent 3.8.0 uses ruby 2.4.10 and ruby 2.4.10 doesn't have this problem.
Maybe, your security scanner has a problem. #265 is also false alert.