{"url":"http://public2.vulnerablecode.io/api/packages/938206?format=json","purl":"pkg:deb/debian/ruby-json@2.9.1%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"ruby-json","version":"2.9.1+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.19.2+dfsg-1","latest_non_vulnerable_version":"2.19.4+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29520?format=json","vulnerability_id":"VCID-8qd2-k69j-nfhf","summary":"Out-of-bounds Read in Ruby JSON Parser\n### Impact\n\nA specially crafted document could cause an out of bound read, most likely resulting in a crash.\n\nVersions 2.10.0 and 2.10.1 are impacted. Older versions are not.\n\n### Patches\n\nVersion 2.10.2 fixes the problem.\n\n### Workarounds\n\nNone.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27788.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27788","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28002","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27731","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27807","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58986","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58967","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58987","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58983","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.5895","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58968","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58921","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58909","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58961","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27788"},{"reference_url":"https://github.com/ruby/json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/json"},{"reference_url":"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:04:18Z/"}],"url":"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf"},{"reference_url":"https://github.com/ruby/json/releases/tag/v2.10.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:04:18Z/"}],"url":"https://github.com/ruby/json/releases/tag/v2.10.2"},{"reference_url":"https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:04:18Z/"}],"url":"https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2025-27788.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2025-27788.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27788","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27788"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351856","reference_id":"2351856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351856"},{"reference_url":"https://github.com/advisories/GHSA-9m3q-rhmv-5q44","reference_id":"GHSA-9m3q-rhmv-5q44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m3q-rhmv-5q44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938207?format=json","purl":"pkg:deb/debian/ruby-json@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938204?format=json","purl":"pkg:deb/debian/ruby-json@2.3.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.3.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938202?format=json","purl":"pkg:deb/debian/ruby-json@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938206?format=json","purl":"pkg:deb/debian/ruby-json@2.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938205?format=json","purl":"pkg:deb/debian/ruby-json@2.19.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077490?format=json","purl":"pkg:deb/debian/ruby-json@2.19.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.4%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2025-27788","GHSA-9m3q-rhmv-5q44"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qd2-k69j-nfhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33523?format=json","vulnerability_id":"VCID-d6tn-s1q2-a3hc","summary":"Unsafe object creation in json RubyGem\nThe JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"0.05892","scoring_system":"epss","scoring_elements":"0.90611","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91813","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91815","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91812","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91784","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91779","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91792","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91827","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91832","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Dec/32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2020/Dec/32"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/flori/json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flori/json"},{"reference_url":"https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml"},{"reference_url":"https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10663"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210129-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210129-0003/"},{"reference_url":"https://support.apple.com/kb/HT211931","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT211931"},{"reference_url":"https://www.debian.org/security/2020/dsa-4721","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4721"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827500","reference_id":"1827500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827500"},{"reference_url":"https://github.com/advisories/GHSA-jphg-qwrw-7w9g","reference_id":"GHSA-jphg-qwrw-7w9g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jphg-qwrw-7w9g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2462","reference_id":"RHSA-2020:2462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2473","reference_id":"RHSA-2020:2473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2670","reference_id":"RHSA-2020:2670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4882-1/","reference_id":"USN-4882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4882-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938204?format=json","purl":"pkg:deb/debian/ruby-json@2.3.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.3.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938202?format=json","purl":"pkg:deb/debian/ruby-json@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938206?format=json","purl":"pkg:deb/debian/ruby-json@2.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938205?format=json","purl":"pkg:deb/debian/ruby-json@2.19.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077490?format=json","purl":"pkg:deb/debian/ruby-json@2.19.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.4%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-10663","GHSA-jphg-qwrw-7w9g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tn-s1q2-a3hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6773?format=json","vulnerability_id":"VCID-ebq1-gkhe-pua7","summary":"Denial of Service and SQL Injection\nThis package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0701.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0701.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1028.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1028.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1147.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1147.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0269","reference_id":"","reference_type":"","scores":[{"value":"0.15424","scoring_system":"epss","scoring_elements":"0.94672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95058","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95059","published_at":"2026-04-24T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95041","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95036","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95009","published_at":"2026-04-01T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.9502","published_at":"2026-04-02T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95021","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95032","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95057","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95054","published_at":"2026-04-16T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95045","published_at":"2026-04-13T12:55:00Z"},{"value":"0.17317","scoring_system":"epss","scoring_elements":"0.95043","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0269"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269"},{"reference_url":"http://secunia.com/advisories/52075","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52075"},{"reference_url":"http://secunia.com/advisories/52774","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52774"},{"reference_url":"http://secunia.com/advisories/52902","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52902"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/82010","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/82010"},{"reference_url":"https://github.com/flori/json","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flori/json"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0269","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0269"},{"reference_url":"http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed","reference_id":"","reference_type":"","scores":[],"url":"http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"},{"reference_url":"https://puppet.com/security/cve/cve-2013-0269","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/cve-2013-0269"},{"reference_url":"https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899"},{"reference_url":"https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"},{"reference_url":"https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269"},{"reference_url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/11/7","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/11/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/11/8","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/11/8"},{"reference_url":"http://www.osvdb.org/90074","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/90074"},{"reference_url":"http://www.securityfocus.com/bid/57899","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/57899"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862"},{"reference_url":"http://www.ubuntu.com/usn/USN-1733-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1733-1"},{"reference_url":"http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700436","reference_id":"700436","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700436"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909029","reference_id":"909029","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909029"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-x457-cw4h-hq5f","reference_id":"GHSA-x457-cw4h-hq5f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x457-cw4h-hq5f"},{"reference_url":"https://security.gentoo.org/glsa/201412-27","reference_id":"GLSA-201412-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0686","reference_id":"RHSA-2013:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0701","reference_id":"RHSA-2013:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1028","reference_id":"RHSA-2013:1028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1147","reference_id":"RHSA-2013:1147","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1185","reference_id":"RHSA-2013:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1185"},{"reference_url":"https://usn.ubuntu.com/1733-1/","reference_id":"USN-1733-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1733-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938203?format=json","purl":"pkg:deb/debian/ruby-json@1.7.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@1.7.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938204?format=json","purl":"pkg:deb/debian/ruby-json@2.3.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.3.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938202?format=json","purl":"pkg:deb/debian/ruby-json@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938206?format=json","purl":"pkg:deb/debian/ruby-json@2.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938205?format=json","purl":"pkg:deb/debian/ruby-json@2.19.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077490?format=json","purl":"pkg:deb/debian/ruby-json@2.19.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.4%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0269","GHSA-x457-cw4h-hq5f","OSV-101137"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebq1-gkhe-pua7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24909?format=json","vulnerability_id":"VCID-xghz-9k48-bqej","summary":"Ruby JSON has a format string injection vulnerability\n### Impact\n\nA format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used to parse user supplied documents. \n\nThis option isn't the default, if you didn't opt-in to use it, you are not impacted.\n\n### Patches\n\nPatched in `2.19.2`.\n\n### Workarounds\n\nThe issue can be avoided by not using the `allow_duplicate_key: false` parsing option.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33210.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33210","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07501","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07514","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07526","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07421","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07423","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07503","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07445","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07729","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10599","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10705","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10656","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10653","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33210"},{"reference_url":"https://github.com/ruby/json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/json"},{"reference_url":"https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T21:01:54Z/"}],"url":"https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2026-33210.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33210","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33210"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131463","reference_id":"1131463","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131463"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449871","reference_id":"2449871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449871"},{"reference_url":"https://github.com/advisories/GHSA-3m6g-2423-7cp3","reference_id":"GHSA-3m6g-2423-7cp3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3m6g-2423-7cp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938207?format=json","purl":"pkg:deb/debian/ruby-json@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938204?format=json","purl":"pkg:deb/debian/ruby-json@2.3.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.3.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938202?format=json","purl":"pkg:deb/debian/ruby-json@2.6.3%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.6.3%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938206?format=json","purl":"pkg:deb/debian/ruby-json@2.9.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.9.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938205?format=json","purl":"pkg:deb/debian/ruby-json@2.19.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077490?format=json","purl":"pkg:deb/debian/ruby-json@2.19.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.19.4%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33210","GHSA-3m6g-2423-7cp3"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xghz-9k48-bqej"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-json@2.9.1%252Bdfsg-1%3Fdistro=trixie"}