Vulnerable Library - json-2.18.1.gem
This is a JSON implementation as a Ruby extension in C.
Library home page: https://rubygems.org/gems/json-2.18.1.gem
Path to dependency file: /ArchivingNewArchitecture/Gemfile.lock
Path to vulnerable library: /ArchivingNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/ArchivingNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem
Vulnerabilities
| Vulnerability |
Severity |
 CVSS |
Exploit Maturity |
EPSS |
Dependency |
Type |
Fixed in (json version) |
Remediation Possible** |
Reachability |
| CVE-2026-33210 |
 High |
8.2 |
Not Defined |
0.038% |
json-2.18.1.gem |
Direct |
json - 2.19.2,json - 2.17.1.2,json - 2.15.2.1 |
❌ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-33210
Vulnerable Library - json-2.18.1.gem
This is a JSON implementation as a Ruby extension in C.
Library home page: https://rubygems.org/gems/json-2.18.1.gem
Path to dependency file: /ArchivingNewArchitecture/Gemfile.lock
Path to vulnerable library: /ArchivingNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/ArchivingNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem
Dependency Hierarchy:
- ❌ json-2.18.1.gem (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
Publish Date: 2026-03-20
URL: CVE-2026-33210
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.038%
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-3m6g-2423-7cp3
Release Date: 2026-03-19
Fix Resolution: json - 2.19.2,json - 2.17.1.2,json - 2.15.2.1
This is a JSON implementation as a Ruby extension in C.
Library home page: https://rubygems.org/gems/json-2.18.1.gem
Path to dependency file: /ArchivingNewArchitecture/Gemfile.lock
Path to vulnerable library: /ArchivingNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/ArchivingNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - json-2.18.1.gem
This is a JSON implementation as a Ruby extension in C.
Library home page: https://rubygems.org/gems/json-2.18.1.gem
Path to dependency file: /ArchivingNewArchitecture/Gemfile.lock
Path to vulnerable library: /ArchivingNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/BasicVideoChatNewArchitecture/vendor/cache/json-2.18.1.gem,/MultipartyNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem,/ArchivingNewArchitecture/vendor/bundle/ruby/3.2.0/cache/json-2.18.1.gem
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
Publish Date: 2026-03-20
URL: CVE-2026-33210
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.038%
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-3m6g-2423-7cp3
Release Date: 2026-03-19
Fix Resolution: json - 2.19.2,json - 2.17.1.2,json - 2.15.2.1