Use After Free in Ohler55 Oj
CVE-2026-54901
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to Use-After-Fr…
Vulnerability class: Use-After-Free
Affected products
- Ohler55 Oj — versions < 3.17.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)