CVE-2026-54899
CVE-2026-54899
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser instance triggers a heap use-after-free. When symbol_keys is toggled from true to fals…
Vulnerability class: Use-After-Free
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)