[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-33210/ruby-json
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 21 16:38:51 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04078807 by Salvatore Bonaccorso at 2026-03-21T17:38:05+01:00
Update status for CVE-2026-33210/ruby-json
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -154,7 +154,11 @@ CVE-2026-33221 (Nhost is an open source Firebase alternative with GraphQL. Prior
NOT-FOR-US: Nhost
CVE-2026-33210 (Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to be ...)
- ruby-json <unfixed>
+ [trixie] - ruby-json <not-affected> (Vulnerable code not present)
+ [bookworm] - ruby-json <not-affected> (Vulnerable code not present)
+ [bullseye] - ruby-json <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3
+ NOTE: Introduced with: https://github.com/ruby/json/commit/8454149d034ab7e8d1c176bfb0cddd3842088981 (v2.14.0)
NOTE: Fixed by: https://github.com/ruby/json/commit/393b41c3e5f87491e1e34fa59fa78ff6fa179a74 (v2.19.2)
CVE-2026-33209 (Avo is a framework to create admin panels for Ruby on Rails apps. Prio ...)
NOT-FOR-US: Avo
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/040788070d6dc5d4a248fb472239d6946d061d6c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/040788070d6dc5d4a248fb472239d6946d061d6c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/c3efa73e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list