CVE-2025-27788

High CVSS: 7.5

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.

Vendor

Ruby-lang

Product

Javascript Object Notation

CWE

CWE-125

Yayın Tarihi

2025-03-12 14:15:16

Güncelleme

2025-04-02 12:35:54

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-125 Javascript Object Notation HIGH Ruby-lang 2025

Referanslar

https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf https://github.com/ruby/json/releases/tag/v2.10.2 https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44

Benzer Kayıtlar

High

CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a fo…

Low

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4…

Low

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing…

Medium

CVE-2025-6442

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arb…

Medium

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.…

Medium

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Ser…