CVE Details
| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-33210 | CRITICAL | json | 2.18.0 | ~> 2.15.2.1, ~> 2.17.1.2, >= 2.19.2 | 2026-03-20T23:16:46.01Z | 2026-05-09T10:19:21.162912153Z |
Affected Docker Images
| Image Name | SHA |
| --- | --- |
| public.ecr.aws/lambda/ruby:4.0 | public.ecr.aws/lambda/ruby@sha256:b92694baff57c96c12ad78429f62efd197d0682b51e9fee81b8332a970915266 |
Description
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
Remediation Steps
- Update the affected package json from version 2.18.0 to ~> 2.15.2.1, ~> 2.17.1.2, >= 2.19.2.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.