Search for packages
| purl | pkg:deb/debian/ruby-json@1.7.3-3 |
| Next non-vulnerable version | 2.3.0+dfsg-1 |
| Latest non-vulnerable version | 2.3.0+dfsg-1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d6tn-s1q2-a3hc
Aliases: CVE-2020-10663 GHSA-jphg-qwrw-7w9g |
Unsafe object creation in json RubyGem The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-15T16:02:12.077759+00:00 | Debian Oval Importer | Affected by | VCID-d6tn-s1q2-a3hc | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.4.0 |
| 2026-04-11T15:49:46.318773+00:00 | Debian Oval Importer | Affected by | VCID-d6tn-s1q2-a3hc | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-08T15:43:13.656198+00:00 | Debian Oval Importer | Affected by | VCID-d6tn-s1q2-a3hc | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |