rubygem-json vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the rubygem-json package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Resource Exhaustion	*
M Resource Exhaustion	*
M HTTP Request Smuggling	*
M Inefficient Regular Expression Complexity	*
M Allocation of Resources Without Limits or Throttling	*
M Improper Validation of Specified Type of Input	*
M Covert Timing Channel	*
M Inefficient Regular Expression Complexity	*
L Resource Exhaustion	*
M Buffer Over-read	*
M Out-of-bounds Read	*
M Arbitrary Code Injection	*
M Improper Input Validation	*
M Improper Input Validation	*
M HTTP Response Splitting	*
M Out-of-bounds Write	*
M Out-of-bounds Read	*
M Reliance on Cookies without Validation and Integrity Checking	*
M Resource Exhaustion	*
M Null Byte Interaction Error (Poison Null Byte)	<0:1.7.7-36.el7
H Out-of-Bounds	<0:1.7.7-33.el7_4
H Heap-based Buffer Overflow	<0:1.7.7-33.el7_4
H Improper Input Validation	<0:1.7.7-33.el7_4
H Information Exposure	<0:1.7.7-33.el7_4
M Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<0:1.7.7-22.el7_0
M Off-by-one Error	<0:1.7.7-22.el7_0
M Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<0:1.7.7-22.el7_0
M XML External Entity (XXE) Injection	*
M HTTP Request Smuggling	*
M Improper Input Validation	*
M Directory Traversal	<0:1.7.7-36.el7
M Null Byte Interaction Error (Poison Null Byte)	<0:1.7.7-36.el7
M Resource Exhaustion	<0:1.7.7-36.el7
M Out-of-bounds Read	*
M Directory Traversal	<0:1.7.7-36.el7
M Arbitrary Code Injection	*
L HTTP Response Splitting	*
M Resource Exhaustion	*
M Null Byte Interaction Error (Poison Null Byte)	*
H Improper Certificate Validation	<0:1.7.7-34.el7_6
M Improper Input Validation	<0:1.7.7-36.el7
M Improper Verification of Cryptographic Signature	<0:1.7.7-36.el7
M Directory Traversal	<0:1.7.7-36.el7
M Cross-site Scripting (XSS)	<0:1.7.7-36.el7
M Deserialization of Untrusted Data	<0:1.7.7-36.el7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.7.7-36.el7
M Improper Input Validation	<0:1.7.7-36.el7
M Directory Traversal	<0:1.7.7-36.el7
H Improper Input Validation	<0:1.7.7-35.el7_6
M Out-of-bounds Write	*
M Heap-based Buffer Overflow	*
M Out-of-bounds Read	*
M Out-of-bounds Write	*
M Out-of-bounds Read	*
M HTTP Response Splitting	<0:1.7.7-36.el7
H Arbitrary Command Injection	<0:1.7.7-33.el7_4
H Improper Input Validation	<0:1.7.7-33.el7_4
H Arbitrary Argument Injection	<0:1.7.7-35.el7_6
H Arbitrary Argument Injection	<0:1.7.7-35.el7_6
H Arbitrary Argument Injection	<0:1.7.7-35.el7_6
H Arbitrary Argument Injection	<0:1.7.7-35.el7_6
H Improper Neutralization of Special Elements	<0:1.7.7-33.el7_4
H Improper Neutralization of Special Elements	<0:1.7.7-33.el7_4
H Improper Neutralization of Special Elements	<0:1.7.7-33.el7_4
H Improper Output Neutralization for Logs	<0:1.7.7-33.el7_4
H Improper Neutralization of Special Elements	<0:1.7.7-33.el7_4
M Cleartext Transmission of Sensitive Information	*
M Information Exposure	*
M Arbitrary Command Injection	*
M Inadequate Encryption Strength	*
M Heap-based Buffer Overflow	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
M Off-by-one Error	*
L Arbitrary Argument Injection	*
L Privilege Defined With Unsafe Actions	*
M Out-of-bounds Read	*
L NULL Pointer Dereference	*
H Improper Input Validation	*
M Improper Validation of Certificate with Host Mismatch	*
L Privilege Defined With Unsafe Actions	*

Vulnerability

Vulnerable Version

Resource Exhaustion