Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/json@2.15.2.1
purl pkg:gem/json@2.15.2.1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-xghz-9k48-bqej
Aliases:
CVE-2026-33210
GHSA-3m6g-2423-7cp3
Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option.
2.17.1.2
Affected by 1 other vulnerability.
2.19.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-xghz-9k48-bqej Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option. CVE-2026-33210
GHSA-3m6g-2423-7cp3

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T17:41:48.218883+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.4.0
2026-04-16T17:41:47.924783+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.4.0
2026-04-11T21:39:56.790328+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.3.0
2026-04-11T21:39:56.140930+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.3.0
2026-04-02T19:37:14.055040+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.1.0
2026-04-02T19:37:13.814794+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.1.0
2026-04-02T17:01:15.515260+00:00 GHSA Importer Fixing VCID-xghz-9k48-bqej https://github.com/advisories/GHSA-3m6g-2423-7cp3 38.1.0
2026-04-01T15:55:06.042303+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.0.0
2026-04-01T15:55:05.402308+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.0.0
2026-04-01T12:54:05.263479+00:00 GithubOSV Importer Fixing VCID-xghz-9k48-bqej https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-3m6g-2423-7cp3/GHSA-3m6g-2423-7cp3.json 38.0.0