json
RubyGems
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting json (page 1 of 1)
- CVE-2013-0269 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.7.7 | 2013-02-13
vulnerable: 1.7.0 ... 1.7.6 (7 versions)
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that …
- CVE-2020-10663 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.3.0 | 2020-04-28
vulnerable: 0.4.0 ... 2.2.0 (68 versions)
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collec…