apk package
chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.17-kinesis
pkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.17-kinesis
Vulnerabilities (21)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-54906 | low | — | < 1.17.1.1.2-r10 | 1.17.1.1.2-r10 | Jun 19, 2026 | ### Summary `Concurrent::ReadWriteLock#release_write_lock` does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while | |
| CVE-2026-54905 | low | — | < 1.17.1.1.2-r10 | 1.17.1.1.2-r10 | Jun 19, 2026 | ### Summary `Concurrent::ReentrantReadWriteLock` can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is u | |
| CVE-2026-54904 | hig | — | < 1.17.1.1.2-r10 | 1.17.1.1.2-r10 | Jun 19, 2026 | ### Summary `Concurrent::AtomicReference#update` can enter a permanent busy retry loop when the current value is `Float::NAN`. The issue is caused by the interaction between: - `AtomicReference#update`, which retries until `compare_and_set(old_value, new_value)` succeeds. - Nume | |
| CVE-2026-54903 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj.load` is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in `buf_append_string` (`buf.h:61`) converts the string length to a large negative `size_t`, causing `memcpy` to copy an astronomically large amount of data ou | |
| CVE-2026-54902 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj::Parser` in SAJ mode does not protect cached object keys (≥ 35 bytes) from garbage collection. A Ruby callback that triggers GC inside `hash_end` can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the | |
| CVE-2026-54901 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj::Parser` in usual mode does not mark `array_class` and `hash_class` references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent `parse` | |
| CVE-2026-54900 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj::Parser#parse` in usual mode with `create_id` enabled is vulnerable to heap corruption via a negative-size `memcpy`. When a JSON object key is exactly 65,535 bytes long, an integer truncation in `form_attr` (`usual.c:63`) converts the length to `-1` before passin | |
| CVE-2026-54898 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj::Parser#parse` is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw `const byte *` pointer into the Ruby string's internal buffer. If a callback (e.g. `hash_start`) resizes the stri | |
| CVE-2026-54897 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls `doc.close` or `d.close`, the document's heap memory is freed while the C iterator is still running. When control r | |
| CVE-2026-54896 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With ` | |
| CVE-2026-54592 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. ### Details Two-step chain in `ext/oj/fast.c`: 1. **`doc_each_ | |
| CVE-2026-54500 | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In `ext/oj | ||
| CVE-2026-54502 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX` (2 | |
| CVE-2026-54899 | hig | — | < 1.17.1.1.2-r9 | 1.17.1.1.2-r9 | Jun 19, 2026 | ### Summary Disabling `symbol_keys` on a reused `Oj::Parser` instance triggers a heap use-after-free. When `symbol_keys` is toggled from `true` to `false`, `opt_symbol_keys_set` frees the internal key cache (`cache_free`) but does not clear the pointer. The next `parse` call rea | |
| CVE-2026-35611 | Hig | 7.5 | < 1.17.1.1.2-r8 | 1.17.1.1.2-r8 | Apr 7, 2026 | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic b | |
| CVE-2025-58767 | — | < 1.17.1.1.2-r7 | 1.17.1.1.2-r7 | Sep 17, 2025 | REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches | ||
| CVE-2024-49761 | — | < 1.17.1.1.2-r2 | 1.17.1.1.2-r2 | Oct 28, 2024 | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected mainta | ||
| CVE-2024-43398 | — | < 1.17.1.1.2-r2 | 1.17.1.1.2-r2 | Aug 22, 2024 | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to t | ||
| CVE-2024-41946 | — | < 1.17.1.1.2-r2 | 1.17.1.1.2-r2 | Aug 1, 2024 | REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability. | ||
| CVE-2024-41123 | — | < 1.17.1.1.2-r2 | 1.17.1.1.2-r2 | Aug 1, 2024 | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities. |
- affected < 1.17.1.1.2-r10fixed 1.17.1.1.2-r10
### Summary `Concurrent::ReadWriteLock#release_write_lock` does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while
- affected < 1.17.1.1.2-r10fixed 1.17.1.1.2-r10
### Summary `Concurrent::ReentrantReadWriteLock` can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is u
- affected < 1.17.1.1.2-r10fixed 1.17.1.1.2-r10
### Summary `Concurrent::AtomicReference#update` can enter a permanent busy retry loop when the current value is `Float::NAN`. The issue is caused by the interaction between: - `AtomicReference#update`, which retries until `compare_and_set(old_value, new_value)` succeeds. - Nume
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj.load` is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in `buf_append_string` (`buf.h:61`) converts the string length to a large negative `size_t`, causing `memcpy` to copy an astronomically large amount of data ou
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj::Parser` in SAJ mode does not protect cached object keys (≥ 35 bytes) from garbage collection. A Ruby callback that triggers GC inside `hash_end` can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj::Parser` in usual mode does not mark `array_class` and `hash_class` references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent `parse`
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj::Parser#parse` in usual mode with `create_id` enabled is vulnerable to heap corruption via a negative-size `memcpy`. When a JSON object key is exactly 65,535 bytes long, an integer truncation in `form_attr` (`usual.c:63`) converts the length to `-1` before passin
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj::Parser#parse` is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw `const byte *` pointer into the Ruby string's internal buffer. If a callback (e.g. `hash_start`) resizes the stri
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls `doc.close` or `d.close`, the document's heap memory is freed while the C iterator is still running. When control r
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With `
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. ### Details Two-step chain in `ext/oj/fast.c`: 1. **`doc_each_
- CVE-2026-54500Jun 19, 2026affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In `ext/oj
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX` (2
- affected < 1.17.1.1.2-r9fixed 1.17.1.1.2-r9
### Summary Disabling `symbol_keys` on a reused `Oj::Parser` instance triggers a heap use-after-free. When `symbol_keys` is toggled from `true` to `false`, `opt_symbol_keys_set` frees the internal key cache (`cache_free`) but does not clear the pointer. The next `parse` call rea
- affected < 1.17.1.1.2-r8fixed 1.17.1.1.2-r8
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic b
- CVE-2025-58767Sep 17, 2025affected < 1.17.1.1.2-r7fixed 1.17.1.1.2-r7
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches
- CVE-2024-49761Oct 28, 2024affected < 1.17.1.1.2-r2fixed 1.17.1.1.2-r2
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected mainta
- CVE-2024-43398Aug 22, 2024affected < 1.17.1.1.2-r2fixed 1.17.1.1.2-r2
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to t
- CVE-2024-41946Aug 1, 2024affected < 1.17.1.1.2-r2fixed 1.17.1.1.2-r2
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
- CVE-2024-41123Aug 1, 2024affected < 1.17.1.1.2-r2fixed 1.17.1.1.2-r2
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
Page 1 of 2