VulnerableCode Package Details - pkg:gem/json@2.10.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-xghz-9k48-bqej Aliases: CVE-2026-33210 GHSA-3m6g-2423-7cp3	Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option.	2.15.2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.17.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.19.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-xghz-9k48-bqej
Aliases:
CVE-2026-33210
GHSA-3m6g-2423-7cp3

Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option.

2.15.2.1
Affected by 1 other vulnerability.

2.17.1.2
Affected by 1 other vulnerability.

2.19.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-8qd2-k69j-nfhf	Out-of-bounds Read in Ruby JSON Parser ### Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. ### Patches Version 2.10.2 fixes the problem. ### Workarounds None.	CVE-2025-27788 GHSA-9m3q-rhmv-5q44

Vulnerability

Summary

Aliases

VCID-8qd2-k69j-nfhf

Out-of-bounds Read in Ruby JSON Parser ### Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. ### Patches Version 2.10.2 fixes the problem. ### Workarounds None.

CVE-2025-27788
GHSA-9m3q-rhmv-5q44

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T17:41:47.881661+00:00	Ruby Importer	Affected by	VCID-xghz-9k48-bqej	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml	38.4.0
2026-04-11T21:39:56.041775+00:00	Ruby Importer	Affected by	VCID-xghz-9k48-bqej	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml	38.3.0
2026-04-07T04:57:16.168938+00:00	GHSA Importer	Fixing	VCID-8qd2-k69j-nfhf	https://github.com/advisories/GHSA-9m3q-rhmv-5q44	38.1.0
2026-04-02T19:37:13.778783+00:00	Ruby Importer	Affected by	VCID-xghz-9k48-bqej	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml	38.1.0
2026-04-02T12:40:59.897042+00:00	GitLab Importer	Fixing	VCID-8qd2-k69j-nfhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/json/CVE-2025-27788.yml	38.0.0
2026-04-01T15:55:05.287003+00:00	Ruby Importer	Affected by	VCID-xghz-9k48-bqej	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml	38.0.0
2026-04-01T12:56:19.511837+00:00	GithubOSV Importer	Fixing	VCID-8qd2-k69j-nfhf	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-9m3q-rhmv-5q44/GHSA-9m3q-rhmv-5q44.json	38.0.0