Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/json@2.17.1.2
purl pkg:gem/json@2.17.1.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-xghz-9k48-bqej
Aliases:
CVE-2026-33210
GHSA-3m6g-2423-7cp3
Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option.
2.19.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-xghz-9k48-bqej Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option. CVE-2026-33210
GHSA-3m6g-2423-7cp3

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T17:41:48.229089+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.4.0
2026-04-16T17:41:47.936151+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.4.0
2026-04-11T21:39:56.812332+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.3.0
2026-04-11T21:39:56.166002+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.3.0
2026-04-02T19:37:14.063340+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.1.0
2026-04-02T19:37:13.824102+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.1.0
2026-04-02T17:01:15.488126+00:00 GHSA Importer Fixing VCID-xghz-9k48-bqej https://github.com/advisories/GHSA-3m6g-2423-7cp3 38.1.0
2026-04-01T15:55:06.065323+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.0.0
2026-04-01T15:55:05.431139+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.0.0
2026-04-01T12:54:05.247795+00:00 GithubOSV Importer Fixing VCID-xghz-9k48-bqej https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-3m6g-2423-7cp3/GHSA-3m6g-2423-7cp3.json 38.0.0