
7 matches found

OSV
added 2026/06/19 7:36 p.m. | 4 views

GHSA-Q2GM-54R6-8FWM Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary: Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback (e.g. hash_start) resizes the string — for example by calling...

CVSS 8.7 | AI score 6.1
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/19 12:00 a.m. | 9 views

PT-2026-51084

Name of the Vulnerable Software and Affected Versions: oj gem (affected versions not specified). Description: A heap use-after-free occurs in Oj::Parser#parse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's...

CVSS 8.7 | AI score 6
Exploits: 0 | References: 5
RubySec
added 2026/06/19 12:00 a.m. | 5 views

Oj - Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary: Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback (e.g. hash_start) resizes the string — for example by calling...

CVSS 2.1 | AI score 5.9
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2012-4410

Malware in sbrugna...

CVSS 4.3 | AI score 6 | EPSS 0.01941
Exploits: 0 | References: 12
OSV
added 2021/07/21 7:15 p.m. | 8 views

CVE-2021-32756

ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...

CVSS 8.8 | AI score 7.6
Exploits: 0 | References: 1
RedHat Linux
added 2020/05/19 10:29 p.m. | 3 views

ruby: Buffer under-read in String#unpack

An integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory...

CVSS 7.5 | AI score 7.4 | EPSS 0.07825
Exploits: 0 | References: 5
Hacker One
added 2015/12/15 4:47 a.m. | 44 views

Square Open Source: Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone

While testing git-fastclone for the ext protocol issues in my other report, I looked at the source code and immediately noticed you're using the Cocaine0 library unsafely. Cocaine will protect from command injection but it "only does that for arguments interpolated via run, NOT arguments passed...

CVSS 10 | AI score 9.5 | EPSS 0.04801
Exploits: 1