CVE-2026-33210

High CVSS: 8.3

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

Vendor

Ruby-lang

Product

Json

CWE

CWE-134

Yayın Tarihi

2026-03-20 23:16:46

Güncelleme

2026-03-27 21:25:30

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-134 Json HIGH Ruby-lang 2026

Referanslar

https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3

Benzer Kayıtlar

Low

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4…

Low

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing…

Medium

CVE-2025-6442

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arb…

Medium

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.…

High

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted docu…

Medium

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Ser…