Ruby/json/2.19.0

This is a JSON implementation as a Ruby extension in C.

https://rubygems.org/gems/json
Ruby

2 Security Vulnerabilities

Ruby JSON has a format string injection vulnerability

Published date: 2026-03-19T12:45:53Z
CVE: CVE-2026-33210
Links:

Impact

A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents.

This option isn't the default, if you didn't opt-in to use it, you are not impacted.

Patches

Patched in 2.19.2.

Workarounds

The issue can be avoided by not using the allow_duplicate_key: false parsing option.

Affected versions: ["2.15.2", "2.15.1", "2.15.0", "2.14.1", "2.14.0", "2.17.1", "2.17.0", "2.16.0", "2.19.1", "2.19.0", "2.18.1", "2.18.0"]
Secure versions: [2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.13.0, 2.13.1, 2.13.2, 2.15.2.1, 2.17.1.2, 2.19.2, 2.19.3, 2.19.4, 2.19.5, 2.19.6, 2.19.7, 2.19.8, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.3.rc1, 2.7.4, 2.7.4.rc1, 2.7.4.rc2, 2.7.5, 2.7.6, 2.8.0, 2.8.0.alpha1, 2.8.1, 2.8.2, 2.9.0, 2.9.1]
Recommendation: Update to version 2.19.8.

Ruby JSON has a format string injection vulnerability

Published date: 2026-03-19
CVE: 2026-33210
Links:

Impact

A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents.

This option isn't the default, if you didn't opt-in to use it, you are not impacted.

Patches

Patched in 2.19.2.

Workarounds

The issue can be avoided by not using the allow_duplicate_key: false parsing option.

Affected versions: ["2.14.1", "2.14.0", "2.15.0", "2.15.1", "2.15.2", "2.16.0", "2.17.0", "2.17.1", "2.18.0", "2.18.1", "2.19.0", "2.19.1"]
Secure versions: [2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.13.0, 2.13.1, 2.13.2, 2.15.2.1, 2.17.1.2, 2.19.2, 2.19.3, 2.19.4, 2.19.5, 2.19.6, 2.19.7, 2.19.8, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.3.rc1, 2.7.4, 2.7.4.rc1, 2.7.4.rc2, 2.7.5, 2.7.6, 2.8.0, 2.8.0.alpha1, 2.8.1, 2.8.2, 2.9.0, 2.9.1]
Recommendation: Update to version 2.19.8.

128 Other Versions

Version License Security Released
2.6.3 Ruby 2022-12-05 - 11:10 over 3 years
2.6.2 Ruby 2022-05-16 - 22:01 about 4 years
2.6.1 Ruby 2021-10-24 - 00:23 over 4 years
2.6.0 Ruby 2021-10-14 - 08:03 over 4 years
2.5.1 Ruby 2020-12-22 - 12:49 over 5 years
2.5.0 Ruby 2020-12-22 - 10:45 over 5 years
2.4.1 Ruby 2020-12-17 - 05:16 over 5 years
2.4.0 Ruby 2020-12-15 - 10:49 over 5 years
2.3.1 Ruby 2020-06-30 - 12:17 almost 6 years
2.3.0 Ruby 2019-12-11 - 17:33 over 6 years
2.2.0 Ruby 2 2019-02-21 - 22:28 over 7 years
2.1.0 Ruby 2 2017-04-18 - 09:40 about 9 years
2.0.4 Ruby 2 2017-04-11 - 10:42 about 9 years
2.0.3 Ruby 2 2017-01-12 - 14:21 over 9 years
2.0.2 Ruby 2 2016-07-26 - 11:12 almost 10 years
2.0.1 Ruby 2 2016-07-01 - 15:34 almost 10 years
2.0.0 Ruby 2 2016-07-01 - 09:32 almost 10 years
1.8.6 Ruby 2 2017-01-13 - 11:12 over 9 years
1.8.5 Ruby 2 2017-01-12 - 11:47 over 9 years
1.8.3 Ruby 2 2015-06-02 - 07:29 about 11 years
1.8.2 Ruby 2 2015-01-09 - 00:58 over 11 years
1.8.1 Ruby 2 2013-10-17 - 12:05 over 12 years
1.8.0 Ruby 2 2013-05-13 - 12:57 about 13 years
1.7.7 Ruby 2 2013-02-11 - 18:12 over 13 years
1.7.6 UNKNOWN 4 2012-12-31 - 00:41 over 13 years
1.7.5 UNKNOWN 4 2012-08-17 - 19:00 almost 14 years
1.7.4 UNKNOWN 4 2012-07-26 - 07:47 almost 14 years
1.7.3 UNKNOWN 4 2012-05-11 - 22:27 about 14 years
1.7.2 UNKNOWN 4 2012-05-11 - 19:04 about 14 years
1.7.1 UNKNOWN 4 2012-05-07 - 11:29 about 14 years
1.7.0 UNKNOWN 4 2012-04-28 - 01:29 about 14 years
1.6.8 UNKNOWN 2 2013-02-11 - 18:05 over 13 years
1.6.7 UNKNOWN 3 2012-04-28 - 01:17 about 14 years
1.6.6 UNKNOWN 3 2012-03-26 - 15:11 about 14 years
1.6.5 UNKNOWN 3 2012-01-15 - 14:50 over 14 years
1.6.4 UNKNOWN 3 2011-12-24 - 14:17 over 14 years
1.6.3 UNKNOWN 3 2011-12-01 - 08:18 over 14 years
1.6.2 UNKNOWN 3 2011-11-28 - 16:05 over 14 years
1.6.1 UNKNOWN 3 2011-09-18 - 13:26 over 14 years
1.6.0.1 UNKNOWN 3 2011-09-13 - 20:19 over 14 years
1.6.0 UNKNOWN 3 2011-09-12 - 23:26 over 14 years
1.5.5 UNKNOWN 2 2013-02-11 - 18:05 over 13 years
1.5.4 UNKNOWN 3 2011-08-31 - 23:26 almost 15 years
1.5.3 UNKNOWN 3 2011-06-20 - 12:36 almost 15 years
1.5.2 UNKNOWN 3 2011-06-14 - 22:39 almost 15 years
1.5.1 UNKNOWN 3 2011-01-26 - 01:20 over 15 years
1.5.0 UNKNOWN 3 2011-01-23 - 06:02 over 15 years
1.4.6 UNKNOWN 4 2010-08-12 - 23:16 almost 16 years
1.4.5 UNKNOWN 4 2010-08-07 - 16:05 almost 16 years
1.4.4 UNKNOWN 4 2010-08-06 - 20:03 almost 16 years