Description
Vulnerable Library - rubocop-1.72.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/json-2.10.1.gem
Found in HEAD commit: cd22e7bbb091fa1c59c8c70354777107c4f253bf
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Exploit Maturity | EPSS | Dependency | Type | Fixed in (rubocop version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-27788 |  High |
7.5 | Not Defined | 0.1% | json-2.10.1.gem | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-27788
Vulnerable Library - json-2.10.1.gem
This is a JSON implementation as a Ruby extension in C.
Library home page: https://rubygems.org/gems/json-2.10.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/json-2.10.1.gem
Dependency Hierarchy:
- rubocop-1.72.2.gem (Root Library)
- ❌ json-2.10.1.gem (Vulnerable Library)
Found in HEAD commit: cd22e7bbb091fa1c59c8c70354777107c4f253bf
Found in base branch: master
Vulnerability Details
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.
Publish Date: 2025-03-12
URL: CVE-2025-27788
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High