The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade json to version 2.19.9 or higher.
json is a JSON implementation as a Ruby extension in C.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the JSON.dump or JSON::State#generate process when streaming oversized attacker-controlled strings to an IO object. An attacker can cause a process crash or denial of service by providing a specially crafted string near 16 KB in size.