CVE-2026-33210
Ruby JSON has a format string injection vulnerability
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
3th
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
| CWE | CWE-134 |
| Vendor | ruby |
| Product | json |
| Ecosystems | |
| Industries | Technology |
| Published | Mar 20, 2026 |
| Last Updated | Mar 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for ruby json
Be the first to know when new unknown vulnerabilities affecting ruby json are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
ruby / json
>= 2.14.0, < 2.15.2.1 >= 2.16.0, < 2.17.1.2 >= 2.18.0, < 2.19.2