Search CVE reports


1 – 6 of 6 results


CVE-2025-27788

Medium priority
Needs evaluation

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions prior to 2.10.0 are not...

1 affected package

ruby-json

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
ruby-json | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2023-51774

Medium priority
Needs evaluation

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

1 affected package

ruby-json-jwt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
ruby-json-jwt | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2020-10663

Medium priority

Some fixes available 2 of 7

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor...

5 affected packages

ruby-json, ruby2.1, ruby2.3, ruby2.5, ruby2.7

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
ruby-json | Not affected | Not affected | Not affected | Needs evaluation
ruby2.1 | Not in release | Not in release | Not in release | Not in release
ruby2.3 | Not in release | Not in release | Not in release | Not in release
ruby2.5 | Not in release | Not in release | Not in release | Fixed
ruby2.7 Not affected Not in release

CVE-2019-18848

Medium priority
Vulnerable

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

1 affected package

ruby-json-jwt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
ruby-json-jwt | Not affected | Not affected | Not affected | Vulnerable

CVE-2018-1000539

Medium priority
Vulnerable

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in the decryption of AES-GCM encrypted JSON Web Tokens that can result in an attacker forging an authentication...

1 affected package

ruby-json-jwt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS
ruby-json-jwt | Not affected | Not affected | Not affected | Vulnerable

CVE-2013-0269

Medium priority

Some fixes available 7 of 13

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON...

2 affected packages

ruby-json, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby-json
ruby1.9.1