69 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-54696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an...
DEBIAN-CVE-2026-54899
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...
UBUNTU-CVE-2026-54900
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...
UBUNTU-CVE-2026-54898
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...
UBUNTU-CVE-2026-54896
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...
CVE-2026-54696
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...
UBUNTU-CVE-2026-54696
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...
CVE-2026-54696
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...
CVE-2026-54696
CVE-2026-54696 affects the Ruby JSON gem, specifically versions 2.9.0 through 2.19.8. The issue is a heap buffer overflow that occurs when the JSON generator handles an oversized streamed object written via JSON.dump(obj, io) or JSON::State#generate(obj, io). If a streamed object contains an atta...
CVE-2026-54696 Ruby JSON: JSON generator heap buffer overflow when streaming to an IO
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...
PT-2026-54020
Name of the Vulnerable Software and Affected Versions Ruby JSON versions 2.9.0 through 2.19.8 Description A heap buffer overflow occurs when the JSON generator processes an oversized streamed object. Specifically, when streaming to an IO, the JSON.dumpobj, io and JSON::Stategenerateobj, io...
JSON generator heap buffer overflow when streaming to an IO
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...
AlmaLinux 10 : ruby4.0 (ALSA-2026:20606)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...
RockyLinux 10 : ruby4.0 (RLSA-2026:20606)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...
ruby:4.0 security update
An update is available for module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
RHEL 10 : ruby4.0 (RHSA-2026:20606)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20606 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and ...
ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection
A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...
CLEANSTART-2026-GE08280 Ruby JSON is a JSON implementation for Ruby
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...
CLEANSTART-2026-RZ30606 Ruby JSON is a JSON implementation for Ruby
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...
[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44
This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...