CVE Details
| CVE ID |
Severity |
Affected Package |
Installed Version |
Fixed Version |
Date Published |
Date of Scan |
| CVE-2026-54696 |
LOW |
json |
2.18.0 |
>= 2.19.9 |
2026-06-30T23:17:28.123Z |
2026-07-06T10:19:04.101278479Z |
Affected Docker Images
| Image Name |
SHA |
public.ecr.aws/lambda/ruby:latest |
public.ecr.aws/lambda/ruby@sha256:4900e20f60279c1ac02628047bdf636baf2f308ba37a584446912faff3679457 |
public.ecr.aws/lambda/ruby:4.0 |
public.ecr.aws/lambda/ruby@sha256:4900e20f60279c1ac02628047bdf636baf2f308ba37a584446912faff3679457 |
public.ecr.aws/lambda/ruby:3.4 |
public.ecr.aws/lambda/ruby@sha256:376376109f53903274d4efa136306eb89775c286634a55adadb40c40606da6ef |
Description
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io) can write past the internal JSON generator buffer when a streamed object contains an
attacker-controlled string near 16 KB. Exploitation would result in a reliable process crash/denial of service. This issue has been fixed in version 2.19.9.
Remediation Steps
- Update the affected package
json from version 2.18.0 to >= 2.19.9.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.
CVE Details
LOWjson2.18.0>= 2.19.92026-06-30T23:17:28.123Z2026-07-06T10:19:04.101278479ZAffected Docker Images
public.ecr.aws/lambda/ruby:latestpublic.ecr.aws/lambda/ruby@sha256:4900e20f60279c1ac02628047bdf636baf2f308ba37a584446912faff3679457public.ecr.aws/lambda/ruby:4.0public.ecr.aws/lambda/ruby@sha256:4900e20f60279c1ac02628047bdf636baf2f308ba37a584446912faff3679457public.ecr.aws/lambda/ruby:3.4public.ecr.aws/lambda/ruby@sha256:376376109f53903274d4efa136306eb89775c286634a55adadb40c40606da6efDescription
Remediation Steps
jsonfrom version2.18.0to>= 2.19.9.About this issue