2 matches found
CVE-2026-54896
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...
CVE-2026-54902
CVE-2026-54902 affects the Ruby gem Oj (Optimized JSON). In SAJ mode prior to 3.17.2, the parser’s key caching can be GC’d while the C parser still references it, causing a Use-After-Free and a segfault when a freed VALUE is accessed. The issue is fixed in version 3.17.2. Exploitation details are...