
CVE-2025-27788 – Ruby JSON Parser has Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2025-27788
12 Mar 2025 — JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available. • https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf • CWE-125: Out-of-bounds Read

CVE-2020-7712 – Command Injection
https://notcve.org/view.php?id=CVE-2020-7712
30 Aug 2020 — This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. • https://github.com/trentm/json/issues/144 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')