Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/json@2.19.2
purl pkg:gem/json@2.19.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-xghz-9k48-bqej
Aliases:
CVE-2026-33210
GHSA-3m6g-2423-7cp3
Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option. There are no reported fixed by versions.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-xghz-9k48-bqej Ruby JSON has a format string injection vulnerability ### Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted. ### Patches Patched in `2.19.2`. ### Workarounds The issue can be avoided by not using the `allow_duplicate_key: false` parsing option. CVE-2026-33210
GHSA-3m6g-2423-7cp3

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T17:41:48.501924+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.4.0
2026-04-16T17:41:47.950050+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.4.0
2026-04-11T21:39:57.486554+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.3.0
2026-04-11T21:39:56.200327+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.3.0
2026-04-02T19:37:14.314463+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.1.0
2026-04-02T19:37:13.835339+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.1.0
2026-04-02T17:01:15.459999+00:00 GHSA Importer Fixing VCID-xghz-9k48-bqej https://github.com/advisories/GHSA-3m6g-2423-7cp3 38.1.0
2026-04-01T15:55:06.733299+00:00 Ruby Importer Fixing VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.0.0
2026-04-01T15:55:05.466598+00:00 Ruby Importer Affected by VCID-xghz-9k48-bqej https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml 38.0.0
2026-04-01T12:54:05.231964+00:00 GithubOSV Importer Fixing VCID-xghz-9k48-bqej https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-3m6g-2423-7cp3/GHSA-3m6g-2423-7cp3.json 38.0.0