Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.

Published

2025-03-12T14:15:16.770

Last Modified

2025-04-02T12:35:54.383

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruby-lang	javascript_object_notation	< 2.10.2	Yes

References

https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf Patch ([email protected])
https://github.com/ruby/json/releases/tag/v2.10.2 Release Notes ([email protected])
https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44 Third Party Advisory ([email protected])