Ruby/json/2.10.1

This is a JSON implementation as a Ruby extension in C.

https://rubygems.org/gems/json
Ruby

2 Security Vulnerabilities

Out-of-bounds Read in Ruby JSON Parser

Published date: 2025-03-12T15:35:23Z
CVE: CVE-2025-27788
Links:

Impact

A specially crafted document could cause an out of bound read, most likely resulting in a crash.

Versions 2.10.0 and 2.10.1 are impacted. Older versions are not.

Patches

Version 2.10.2 fixes the problem.

Workarounds

None.

Affected versions: ["2.10.1", "2.10.0"]
Secure versions: [2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.3.rc1, 2.7.4, 2.7.4.rc1, 2.7.4.rc2, 2.7.5, 2.7.6, 2.8.0, 2.8.0.alpha1, 2.8.1, 2.8.2, 2.9.0, 2.9.1]
Recommendation: Update to version 2.12.2.

Out-of-bounds Read in Ruby JSON Parser

Published date: 2025-03-12
CVE: 2025-27788
CVSS V3: 7.5
Links:

Impact

A specially crafted document could cause an out of bound read, most likely resulting in a crash.

Versions 2.10.0 and 2.10.1 are impacted. Older versions are not.

Patches

Version 2.10.2 fixes the problem.

Workarounds

None.

Affected versions: ["2.10.1", "2.10.0"]
Secure versions: [2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.3.rc1, 2.7.4, 2.7.4.rc1, 2.7.4.rc2, 2.7.5, 2.7.6, 2.8.0, 2.8.0.alpha1, 2.8.1, 2.8.2, 2.9.0, 2.9.1]
Recommendation: Update to version 2.12.2.

104 Other Versions

Version License Security Released
0.4.3 UNKNOWN 5 2009-07-25 - 18:11 almost 16 years
0.4.2 UNKNOWN 5 2009-07-25 - 18:11 almost 16 years
0.4.1 UNKNOWN 5 2009-07-25 - 18:11 almost 16 years
0.4.0 UNKNOWN 5 2009-07-25 - 18:11 almost 16 years