The linked article shows that there are unclear parts in the JSON specification and that different parsers treat them differently (which could lead to security vulnerabilities in certain cases).

Do you need DevOps-experts?

Your development team has a full backlog? No time for infrastructure architecture? Our DevOps team is ready to support you!

• We build reliable cloud solutions with Infrastructure as code
• We are experts in security, Linux and databases
• We support your dev team to perform

Read more Show archive.org snapshot

I was curious what Ruby does (Ruby 2.6.6 with gem json 2.3.0, implementing RFC 7159):

Duplicate Keys

irb(main):001:0> require 'json'
=> true
irb(main):002:0> JSON.parse('{"qty": 1, "qty": -1}')
=> {"qty"=>-1}

Character Collision

irb(main):009:0> JSON.parse('{"qty": 1, "qty\ud800": -1}')
JSON::ParserError (487: incomplete surrogate pair at 'qty\ud800": -1}')

irb(main):007:0> JSON.parse('{"qty": 1, "qty"": -1}')
JSON::ParserError (784: unexpected token at '{"qty": 1, "qty"": -1}')

This one was unexpected for me:

irb(main):008:0> JSON.parse('{"qty": 1, "qt\y": -1}')
=> {"qty"=>-1}

Comment Truncation

irb(main):010:0> JSON.parse('{"qty": 1, "extra": 1/*, "qty": -1, "extra2": 2*/}')
=> {"qty"=>1, "extra"=>1}

irb(main):011:0> JSON.parse('{"qty": 1, "extra": a/*, "qty": -1, "extra2": b*/}')
JSON::ParserError (784: unexpected token at '{"qty": 1, "extra": a/*, "qty": -1, "extra2": b*/}')

irb(main):012:0> JSON.parse('{"qty": 1, "extra": "a/*", "qty": -1, "extra2": "b"*/}')
JSON::ParserError (784: unexpected token at '{"qty": 1, "extra": "a/*", "qty": -1, "extra2": "b"*/}')

irb(main):013:0> JSON.parse('{"qty": 1, "extra": "a"//, "qty": -1}')
JSON::ParserError (784: unexpected token at '{"qty": 1, "extra": "a"//, "qty": -1}')

Number Decoding

irb(main):014:0> JSON.parse('{"qty": 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999}')
=> {"qty"=>999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999}

irb(main):015:0> JSON.parse('{"qty": -999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999}')
=> {"qty"=>-999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999}

irb(main):016:0> JSON.parse('{"qty": 1.0e4096}')
=> {"qty"=>Infinity}

irb(main):017:0> JSON.parse('{"qty": -1.0e4096}')
=> {"qty"=>-Infinity}