- Description
- JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-125
🚨 CVE-2025-27788 🔴 HIGH (7.5) 🏢 ruby - json 🏗️ >= 2.10.0, < 2.10.2 🔗 https://t.co/7ZXpy8qalF 🔗 https://t.co/Yem4EaSdKQ 🔗 https://t.co/BA59Sp0iIR #CyberCron #VulnAlert #InfoSec https://t.co/ysT55tEfPR
@cybercronai
14 Mar 2025
CVE-2025-27788 JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most li… https://t.co/fiIwIvk0b8
@CVEnew
12 Mar 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ruby-lang:javascript_object_notation:*:*:*:*:*:ruby:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51A03F9E-C16B-4045-B72A-68D238B1ECC4",
            "versionEndExcluding": "2.10.2",
            "versionStartIncluding": "2.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]