json
RubyGems4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting jsonpage 1 of 1
- CVE-2013-0269NONECVSS 0.0EG 0.0✓ Fixed in 1.7.72013-02-13
vulnerable: 1.7.0 ... 1.7.6 (7 versions)
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that …
- CVE-2020-10663HIGHCVSS 7.5EG 7.5✓ Fixed in 2.3.02020-04-28
vulnerable: 0.4.0 ... 2.2.0 (68 versions)
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collec…
- CVE-2025-27788HIGHCVSS 7.5EG 7.5✓ Fixed in 2.10.22025-03-12
vulnerable: 2.10.0, 2.10.1
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. V…
- CVE-2026-33210CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.19.22026-03-20
vulnerable: 2.18.0, 2.18.1, 2.19.0, 2.19.1
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_dup…
Check whether json is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for json CVEs against the assets you own.
Start Free Scan →