This page collects WhisperX intelligence signals tagged #format-string-injection. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
The maintainers of Ruby's json gem have released version 2.15.2.1, patching a format string injection vulnerability (CVE-2026-33210) that affected the JSON.parse method when called with the allow_duplicate_key: false option. The flaw allowed potentially malicious input to execute arbitrary format specifiers during pars...
A critical security vulnerability in the Ruby json gem has been addressed in the Blacklight-Cornell project, a widely deployed library discovery interface used by academic institutions. The flaw, tracked as CVE-2026-33210, constitutes a format string injection vulnerability present in the JSON.parse method when invoked...