kubeclient icon indicating copy to clipboard operation
kubeclient copied to clipboard

Published 20 hours ago verified publisher icon ManageIQ

CVE-2025-27788 (High) detected in json-2.10.1.gem

Open mend-bolt-for-github[bot] opened this issue 8 months ago • 0 comments

CVE-2025-27788 - High Severity Vulnerability

Vulnerable Library - json-2.10.1.gem

This is a JSON implementation as a Ruby extension in C.

Library home page: https://rubygems.org/gems/json-2.10.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /vendor/cache/json-2.10.1.gem

Dependency Hierarchy:

  • googleauth-1.13.1.gem (Root Library)
    • signet-0.19.0.gem
      • faraday-2.12.2.gem
        • :x: json-2.10.1.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.

Publish Date: 2025-03-12

URL: CVE-2025-27788

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2025-03-12

Fix Resolution: v2.10.2

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Mar 12 '25 19:03 mend-bolt-for-github[bot]