Use After Free in Ohler55 Oj
CVE-2026-54902
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, Oj is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys (≥ 35 bytes) from garbage coll…
Vulnerability class: Use-After-Free
Affected products
- Ohler55 Oj — versions < 3.17.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)