Joyent Json vulnerabilities

5 known vulnerabilities affecting joyent/json.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5

Vulnerabilities

CVE-2026-33210 | HIGH | ≥ 2.18.0, < 2.19.2; ≥ 2.16.0, < 2.17.1.2; +1 more | 2026-03-19
CVE-2026-33210 [HIGH] CWE-134: Ruby JSON has a format string injection vulnerability
Impact: A format string injection vulnerability that can lead to denial of service attacks or information disclosure when the `allow_duplicate_key: false` parsing option is used to parse user-supplied documents. This option isn't the default; if you didn't opt in to use it, you are not impacted.
Patches: Patched in `2.19.2`.
Workarounds: The
Sources: ghsa, osv

CVE-2025-27788 | HIGH | ≥ 2.10.0, < 2.10.2 | 2025-03-12
CVE-2025-27788 [HIGH] CWE-125: Out-of-bounds Read in Ruby JSON Parser
Impact: A specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not.
Patches: Version 2.10.2 fixes the problem.
Workarounds: None.
Sources: ghsa, osv

CVE-2020-7712 | HIGH | CVSS 7.2 | fixed in 10.0.0 | ≥ unspecified, < 10.0.0 | 2020-08-30
CVE-2020-7712 [HIGH] CWE-78: This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function.
Sources: cvelistv5, ghsa, nvd, osv

CVE-2020-10663 | HIGH | CVSS 7.5 | ≥ 0, < 2.3.0 | 2020-07-27
CVE-2020-10663 [HIGH] CWE-20: Unsafe object creation in json RubyGem
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interprete
Sources: ghsa, osv

CVE-2013-0269 | HIGH | ≥ 0, < 1.5.5; ≥ 1.6.0, < 1.6.8; +1 more | 2017-10-24
CVE-2013-0269 [HIGH] CWE-20: JSON gem has Improper Input Validation vulnerability
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection att
Sources: ghsa, osv