CVE-2026-54897
CVE-2026-54897
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators (each_value, each_child, each_leaf) were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration…
Vulnerability class: Use-After-Free
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)