2 matches found
CVE-2026-54899
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the optsymbolkeysset. An attacker can cause the application to read from freed memory by toggling the symbolkeys option from true to false on a reused parser instance and then invoking the parse method. Remediation...