CVE-2026-54898
CVE-2026-54898
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. T…
Vulnerability class: Use-After-Free
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)