Vulnerable Library - rubocop-1.84.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/json-2.18.1.gem
Found in HEAD commit: cd22e7bbb091fa1c59c8c70354777107c4f253bf
Vulnerabilities
| Vulnerability |
Severity |
 CVSS |
Exploit Maturity |
EPSS |
Dependency |
Type |
Fixed in (rubocop version) |
Remediation Possible** |
Reachability |
| CVE-2026-33210 |
 High |
8.2 |
Not Defined |
0.036% |
json-2.18.1.gem |
Transitive |
N/A* |
❌ |
|
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-33210
Vulnerable Library - json-2.18.1.gem
This is a JSON implementation as a Ruby extension in C.
Library home page: https://rubygems.org/gems/json-2.18.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/json-2.18.1.gem
Dependency Hierarchy:
- rubocop-1.84.1.gem (Root Library)
- ❌ json-2.18.1.gem (Vulnerable Library)
Found in HEAD commit: cd22e7bbb091fa1c59c8c70354777107c4f253bf
Found in base branch: master
Vulnerability Details
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
Publish Date: 2026-03-20
URL: CVE-2026-33210
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.036%
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-3m6g-2423-7cp3
Release Date: 2026-03-19
Fix Resolution: json - 2.19.2,json - 2.17.1.2,json - 2.15.2.1
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/json-2.18.1.gem
Found in HEAD commit: cd22e7bbb091fa1c59c8c70354777107c4f253bf
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - json-2.18.1.gem
This is a JSON implementation as a Ruby extension in C.
Library home page: https://rubygems.org/gems/json-2.18.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/json-2.18.1.gem
Dependency Hierarchy:
Found in HEAD commit: cd22e7bbb091fa1c59c8c70354777107c4f253bf
Found in base branch: master
Vulnerability Details
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
Publish Date: 2026-03-20
URL: CVE-2026-33210
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.036%
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-3m6g-2423-7cp3
Release Date: 2026-03-19
Fix Resolution: json - 2.19.2,json - 2.17.1.2,json - 2.15.2.1