7 matches found
GHSA-Q2GM-54R6-8FWM Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...
PT-2026-51084
Name of the Vulnerable Software and Affected Versions oj gem affected versions not specified Description A heap use-after-free occurs in Oj::Parserparse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's...
Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...
EUVD-2012-4410
Malware in sbrugna...
CVE-2021-32756
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...
ruby: Buffer under-read in String#unpack
A integer underflow was found in the way Stringunpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory...
Square Open Source: Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone
While testing git-fastclone for the ext protocol issues in my other report, I looked at the source code and immediately noticed you're using the Cocaine0 library unsafely. Cocaine will protect from command injection but it "only does that for arguments interpolated via run, NOT arguments passed...