RubyGems/oj — 11 CVEs

HIGH7.5CVE-2026-54592Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

from 0, < 3.17.3

MEDIUM5.3CVE-2026-54500Oj: intern.c form_attr (uninitialized stack read)

from 0, < 3.17.3

—CVE-2026-54903Oj: Integer Overflow in Oj.load 2GB String Handling

from 0, < 3.17.3

—Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

from 0, < 3.17.3

—Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

from 0, < 3.17.3

—Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

from 0, < 3.17.3

—Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

from 0, < 3.17.3

—Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close

from 0, < 3.17.3

—Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

from 0, < 3.17.3

—Oj: Stack Buffer Overflow in Oj.dump via Large Indent

from 0, < 3.17.3

—Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

from 0, < 3.17.3

pkg:RubyGems/oj