Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 12:16 a.m.6 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:40 p.m.37 views

CVE-2026-54902 Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS0.00253EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 11:40 p.m.5 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS5.7AI score0.00253EPSS
Exploits0
OSV
OSV
added 2026/06/19 8:47 p.m.6 views

GHSA-M578-W5VF-RFCM Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.11 views

Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder