60 matches found
CVE-2026-54696
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...
CVE-2026-54696 Ruby JSON: JSON generator heap buffer overflow when streaming to an IO
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...
CVE-2026-54696
CVE-2026-54696 affects the Ruby JSON gem, specifically versions 2.9.0 through 2.19.8. The issue is a heap buffer overflow that occurs when the JSON generator handles an oversized streamed object written via JSON.dump(obj, io) or JSON::State#generate(obj, io). If a streamed object contains an atta...
AlmaLinux 10 : ruby4.0 (ALSA-2026:20606)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...
RockyLinux 10 : ruby4.0 (RLSA-2026:20606)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...
ruby:4.0 security update
An update is available for module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
RHEL 10 : ruby4.0 (RHSA-2026:20606)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20606 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and ...
ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection
A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...
CLEANSTART-2026-GE08280 Ruby JSON is a JSON implementation for Ruby
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...
CLEANSTART-2026-RZ30606 Ruby JSON is a JSON implementation for Ruby
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...
[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44
This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...
CVE-2026-33210
A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...
Format String Injection
Ruby JSON is vulnerable to Format String Injection. The vulnerability is due to a format string injection vulnerability, where the allowduplicatekey: false parsing option is used to parse user supplied documents and can lead to denial of service attacks or information disclosure...
Linux Distros Unpatched Vulnerability : CVE-2026-33210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can...
CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
UBUNTU-CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210 Ruby JSON has a format string injection vulnerability
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210 Ruby JSON has a format string injection vulnerability
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...