CVE-2026-54898

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. T…

Vulnerability class: Use-After-Free
