yajl-ruby
RubyGems
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting yajl-ruby (page 1 of 1)
- CVE-2017-16516, HIGH, CVSS 7.5, EG 7.5, ✓ Fixed in 1.3.1, 2017-11-03
vulnerable: 0.5.10 ... 1.3.0 (39 versions)
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process …
- CVE-2022-24795, MEDIUM, CVSS 5.9, EG 5.9, ✓ Fixed in 1.4.3, 2022-04-05
vulnerable: 0.5.10 ... 1.4.2 (43 versions)
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The r…