Vulnerability in Ruby Json
CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_dup…
EPSS: 0.000 (11.6th percentile)
Affected products
- Ruby Json — versions >= 2.14.0, < 2.15.2.1; >= 2.16.0, < 2.17.1.2; >= 2.18.0, < 2.19.2
Weakness classification (CWE)
References
- https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3 (x_refsource_CONFIRM)