
17 matches found

NVD
added 2 days ago | 4 views

CVE-2026-54899

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...

CVSS 6.3 | EPSS 0.00428 | Exploits 0 | References 1

Cvelist
added 3 days ago | 29 views

CVE-2026-54899 Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...

CVSS 6.3 | EPSS 0.00428 | Exploits 0 | References 1

Debian CVE
added 3 days ago | 3 views

CVE-2026-54899

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...

CVSS 6.3 | AI score 5.7 | EPSS 0.00428 | Exploits 0

RedhatCVE
added 2026/06/23 1:26 p.m. | 9 views

CVE-2026-47209

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to bypass security restrictions by writing dangerous cross-realm Symbol keys to host objects. This can lead to a compromise of the integrity of the host system, potentially enabli...

CVSS 8.6 | AI score 6.5 | EPSS 0.00287 | Exploits 0 | References 6

Snyk
added 2026/06/19 7:34 p.m. | 4 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the optsymbolkeysset. An attacker can cause the application to read from freed memory by toggling the symbolkeys option from true to false on a reused parser instance and then invoking the parse method. Remediation...

CVSS 8.7 | AI score 5.9 | EPSS 0.00428 | Exploits 0 | References 2

OSV
added 2026/06/19 7:34 p.m. | 5 views

GHSA-2CW7-V8FF-P88R Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary: Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

CVSS 8.7 | AI score 5.9 | EPSS 0.00428 | Exploits 0 | References 2

Github Security Blog
added 2026/06/19 7:34 p.m. | 7 views

Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary: Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

CVSS 6.3 | AI score 5.9 | EPSS 0.00428 | Exploits 0 | References 2 | Affected Software 1

RubySec
added 2026/06/19 12:00 a.m. | 6 views

Oj - Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary: Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

CVSS 6.3 | AI score 5.8 | EPSS 0.00428 | Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/06/19 12:00 a.m. | 12 views

PT-2026-51085

Name of the Vulnerable Software and Affected Versions: Oj versions prior to 3.17.2. Description: A heap use-after-free occurs when disabling symbol keys on a reused Oj::Parser instance. When the symbol keys setting is changed from true to false, the opt symbol keys set function frees the internal ke...

CVSS 8.7 | AI score 5.8 | EPSS 0.00428 | Exploits 0 | References 4

NVD
added 2026/06/12 3:16 p.m. | 11 views

CVE-2026-47209

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

CVSS 8.6 | EPSS 0.00287 | Exploits 0 | References 3

Cvelist
added 2026/06/12 2:14 p.m. | 34 views

CVE-2026-47209 vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

CVSS 8.6 | EPSS 0.00287 | Exploits 0 | References 3

EUVD
added 2026/06/12 2:14 p.m. | 10 views

EUVD-2026-36440

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

CVSS 8.6 | AI score 5.2 | EPSS 0.00287 | Exploits 0 | References 3

OSV
added 2026/05/29 5:49 p.m. | 6 views

GHSA-C4CF-2HGV-2QV6 vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

Summary: The BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object inherits from the proxy via Object.create, the property assignment...

CVSS 8.6 | AI score 6 | EPSS 0.00287 | Exploits 0 | References 5

Github Security Blog
added 2026/05/29 5:49 p.m. | 13 views

vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

Summary: The BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object inherits from the proxy via Object.create, the property assignment...

CVSS 8.6 | AI score 6 | EPSS 0.00287 | Exploits 0 | References 5 | Affected Software 1

Snyk
added 2026/05/29 5:44 p.m. | 9 views

Incomplete List of Disallowed Inputs

Overview: vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through Symbol.for handling in lib/setup-sandbox.js and the bridge write traps in lib/bridge.js. An attacker can...

CVSS 9.5 | AI score 5.9 | EPSS 0.00266 | Exploits 0 | References 2

Snyk
added 2026/05/29 5:44 p.m. | 9 views

Incomplete List of Disallowed Inputs

Overview: org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through Symbol.for handling in lib/setup-sandbox.js and the bridge write traps in lib/bridge.js...

CVSS 9.5 | AI score 5.9 | EPSS 0.00266 | Exploits 0 | References 2

Snyk
added 2026/05/07 4:00 a.m. | 9 views

Arbitrary Code Injection

Overview: vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lib/bridge.js value-conversion paths. An attacker can extract the host Symbol.for('nodejs.util.inspect.custom') or...

CVSS 10 | AI score 6.5 | EPSS 0.00976 | Exploits 1 | References 2